I'm not sure I got it right, because I'm not familiar with the checksum procedure. I will make a short text below, to show how I see the process and maybe someone can pinpoint the mistakes.
The *.tgz files are obtained by tree compilation so there is a new set and sha256s are compiled for each file. All new *.tgz are blended into *.iso file and a sha256 is compiled for this *.iso too. I think there are some mistakes in this scenario, since I observed that for example the bsd file from file by file download is different from the bsd file embedded into the *.iso file. I'm not trying to waste your time explaining me the whole process, but please tell me how to use this SHA256 file then? What to observe, what to match? Is it good only for file by file downloading? How to check the *.iso integrity then and how to check if *.iso is correctly imprinted on the CD after burning ? Many thanks.