Date: Thu, 8 Feb 2018 14:03:40
From: john doe <johndoe65534@mail.com>
To: debian-accessibility@lists.debian.org
Subject: Re: debian unofficial website hacked
Resent-Date: Thu, 8 Feb 2018 19:03:53 +0000 (UTC)
Resent-From: debian-accessibility@lists.debian.org
On 2/8/2018 7:54 PM, Jude DaShiell wrote:
Yes, I imported the debian signing key and I have MD5SUMS and MD5SUMS.sign
sha256SUMS SHA256SUMS.sign SHA512SUMS and SHA512SUMS.sign SHA1SUMS
SHA1SUMS.sign.
From which URL did you get the files?
On Thu, 8 Feb 2018, john doe wrote:
Date: Thu, 8 Feb 2018 07:12:27
From: john doe <johndoe65534@mail.com>
To: debian-accessibility@lists.debian.org
Subject: Re: debian unofficial website hacked
Resent-Date: Thu,? 8 Feb 2018 12:12:39 +0000 (UTC)
Resent-From: debian-accessibility@lists.debian.org
On 2/8/2018 12:34 PM, Jude DaShiell wrote:
?running gpg --verify *.sign on all sign files found where debian-buster
is
?downloaded returns bad key and [unknown] on those files.? I think the
?website has got dirty.
- Did you import the Debian signing key?
- Which files did you verify (URL used, you should only use debian.org)?
- What commands did you use and what are the output of those commands?