Re: debian unofficial website hacked

[john doe <johndoe65534@mail.com>]

On 2/8/2018 7:54 PM, Jude DaShiell wrote:
> Yes, I imported the debian signing key and I have MD5SUMS and 
> MD5SUMS.sign sha256SUMS SHA256SUMS.sign SHA512SUMS and SHA512SUMS.sign 
> SHA1SUMS SHA1SUMS.sign.

From which URL did you get the  files?

> On Thu, 8 Feb 2018, john doe wrote:
>
> > Date: Thu, 8 Feb 2018 07:12:27
> > From: john doe <johndoe65534@mail.com>
> > To: debian-accessibility@lists.debian.org
> > Subject: Re: debian unofficial website hacked
> > Resent-Date: Thu,  8 Feb 2018 12:12:39 +0000 (UTC)
> > Resent-From: debian-accessibility@lists.debian.org
> >
> > On 2/8/2018 12:34 PM, Jude DaShiell wrote:
> > >  running gpg --verify *.sign on all sign files found where 
> > > debian-buster is
> > >  downloaded returns bad key and [unknown] on those files.? I think the
> > >  website has got dirty.
> >
> > - Did you import the Debian signing key?
> > - Which files did you verify (URL used, you should only use debian.org)?
> > - What commands did you use and what are the output of those commands?


--
John Doe