Hi all, Hopefully this is the correct list to report this, if not, I'd appreciate it if you could point me in the right direction. There seem to be problems with the PGP signatures for the debian-installer ISO images including non-free firmware hosted here: http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/ Some of the images, such as wheezy_di_rc1, have no signatures (no .sign files present). Others, such as the "current" images dated 2013-02-23/2013-02-24, seem to have an invalid signature (I am verifying against keys in the debian-keyring 2012.11.15 package from wheezy): david@spongebob:~/Downloads$ gpg2 -v --keyring /usr/share/keyrings/debian-role-keys.gpg -v SHA256SUMS.sign gpg: armor: BEGIN PGP SIGNATURE Version: GnuPG v1.4.12 (GNU/Linux) :signature packet: algo 1, keyid DA87E80D6294BE9B version 4, created 1361115854, md5len 0, sigclass 0x00 digest algo 8, begin of digest 69 3e hashed subpkt 2 len 4 (sig created 2013-02-17) subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B) data: [4096 bits] gpg: armor header: gpg: assuming signed data in `SHA256SUMS' gpg: Signature made sun 17.feb 2013, 15:44:14 GMT using RSA key ID 6294BE9B gpg: using PGP trust model gpg: key 372523E0: accepted as trusted key gpg: BAD signature from "Debian CD signing key <debian-cd@lists.debian.org>" gpg: binary signature, digest algorithm SHA256 For now, I'll hold off on installing these images, but it would be great to get this fixed, as I have some hardware that requires a firmware blob for the ethernet card. PS: I'm not subscribed to the list, so in case you need more information, please contact me directly. Best regards, Davíð Steinn Geirsson david@dsg.is
Attachment:
signature.asc
Description: PGP signature