I downloaded all 4 CD images from a site.
I want to check these CDs to be sure they are officials.
The file MD5SUM seems to contain MD5 for each four CD ISO images. (I checked, it’s OK)
This file is signed. How can I check the signature ?
When I type gpg –verify MD5SUM it replies
Gpg : signature made Mon Jan 21 2002 CED using DSA key ID 88C7C1F7.
Can’t check signature : public key not found
So, where can I find that public key ?
It seems different than the key ftp_master 1024D/722F1AED used to sign Releases.gpg using apt.
I want to be far more certain these images come from DEBIAN and not from FBI ! that’s what digital signatures are intended for …
mulder, scully mayday !!!
Thank you in advance