Not sure where to post this, but a person wanting to try linux pointed this out to me.

The download page offers only this:
Verify your download before use

Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version. You could verify the file in the process of downloading. For example a checksum (SHA256) will be used automatically if you choose Metalink in the field above and use the add-on DownThemAll! in Firefox.
For each ISO, we offer a checksum file with the corresponding SHA256 sum. For extra security, you can use GPG to verify who signed those .sha256 files. It should be 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284.
He said he tried hunting the release notes and install notes, but found nothing to tell him how to manually check the checksum of the already-downloaded file. I helped him with that, but should there not be some clear instructions for the newcomers to Linux?

We could have an example of how to do it manually, such as:
sha256sum openSUSE-Leap-42.1-DVD-x86_64.iso
Of course, they should also have it explained that they should cd to that directory, and they can compare it to the checksum in the linked file.

A LInux newcomer is also unlikely to know what "you can use GPG to verify" actually means and how it is done.