Re: debian unofficial website hacked
On 2/8/2018 8:03 PM, john doe wrote:
On 2/8/2018 7:54 PM, Jude DaShiell wrote:
Yes, I imported the debian signing key and I have MD5SUMS and
MD5SUMS.sign sha256SUMS SHA256SUMS.sign SHA512SUMS and SHA512SUMS.sign
SHA1SUMS SHA1SUMS.sign.
From which URL did you get the files?
For testing purposes I have downloaded SHA512SUMS.sign and SHA512SUMS
from the following link:
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha1/multi-arch/bt-cd/
$ wget
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha1/multi-arch/bt-cd/SHA512SUMS.sign
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/buster_di_alpha1/multi-arch/bt-cd/SHA512SUMS
When verifying the checksum file I get:
$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made ...
gpg: using RSA key 0xDA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key
<debian-cd@lists.debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
What command did you use and what output did you get?
Note that my mailer is folding my answer.
--
John Doe
Reply to: