Re: timestamp of the signature of Debian 12 netinst

To: debian-security@lists.debian.org
Subject: Re: timestamp of the signature of Debian 12 netinst
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 24 Jun 2023 19:25:21 +0100
Message-id: <[🔎] EDC5BE13-9A17-4365-86DA-1F5B414D63B8@debian.org>
In-reply-to: <[🔎] 0ab2943fb2d46293893a3c98e55f7514d85e3014.camel@online.de>
References: <20230623144430.CABB7206F5@bendel.debian.org> <20230623144438.17191206F4@bendel.debian.org> <fce79210b6cbca2a72ec4a3e4d8f77143d16e2d6.camel@online.de> <20230623144545.3F489206F9@bendel.debian.org> <[🔎] a57ad0d4fe2a95a403b91e71053b40b43bce4c91.camel@online.de> <[🔎] c1e3c85458d742e099008f2254c4d2ea033b1b75.camel@adam-barratt.org.uk> <[🔎] 6c67f2ebddc37e4df20b0ecef6d9f8b18895ba5d.camel@online.de> <[🔎] 20230623195854.estizwvd36gmpdhg@yuggoth.org> <[🔎] 0ab2943fb2d46293893a3c98e55f7514d85e3014.camel@online.de>

On 24 June 2023 19:20:57 BST, Julian Schreck <js-priv@online.de> wrote:

I meant: Where to find *the date and time that the signature for the SHA512SUMS file was produced* (on the website)?
--
On 2023-06-23 20:59:07 +0200 (+0200), Julian Schreck wrote:
Where to find the former? (Or do I not need it for checking the
integrity of the download(s)?)
[...]
[1] : https://www.debian.org/CD/verify, e. g. 2011-01-05 [SC]
[...]

Please restate your question more precisely if this doesn't answer
it (because it's not clear what you meant by "find the former" since
"the former" was material you quoted in your reply already), but if
you follow that URL you'll see instructions for checking the
integrity and provenance of downloads.

You won't find it there, and it doesn't matter. You only need to verify that the signature is by the trusted key, which your output indicates that it was (although you have to rely on a CA trust path).

--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51

Reply to:

References:
- timestamp of the signature of Debian 12 netinst
  - From: Julian Schreck <js-priv@online.de>
- Re: timestamp of the signature of Debian 12 netinst
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: timestamp of the signature of Debian 12 netinst
  - From: Julian Schreck <js-priv@online.de>
- Re: timestamp of the signature of Debian 12 netinst
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: timestamp of the signature of Debian 12 netinst
  - From: Julian Schreck <js-priv@online.de>

Prev by Date: Re: timestamp of the signature of Debian 12 netinst
Next by Date: Re: c-ares, CVE-2023-31147, CVE-2023-31124
Previous by thread: Re: timestamp of the signature of Debian 12 netinst
Next by thread: Re: timestamp of the signature of Debian 12 netinst
Index(es):
- Date
- Thread