Re: Debian testing ISOs not GPG signed?

To: Marcel `sdrfnord` McKinnon <sdrfnord@gmx.de>
Cc: debian-cd@lists.debian.org
Subject: Re: Debian testing ISOs not GPG signed?
From: Steve McIntyre <steve@einval.com>
Date: Sun, 9 Mar 2014 16:54:13 +0000
Message-id: <[🔎] 20140309165413.GP9283@einval.com>
In-reply-to: <[🔎] 531C69E0.7040804@gmx.de>
References: <[🔎] 531C69E0.7040804@gmx.de>

On Sun, Mar 09, 2014 at 02:17:20PM +0100, Marcel `sdrfnord` McKinnon wrote:
>
>I just wanted to reinstall my system on new hardware so I downloaded the current
>Debian testing (http://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/)
>build. After downloading it, I wanted to verify the integrity of the ISO (as I
>was used to from the stable builds). But I did not find a signed checksum file.
>Are testing builds not signed?? Is there another way to check the integrity of
>the testing ISOs?

We (I) don't sign any of the non-release builds on cdimage, no. Only
official stable and beta releases are signed, meaning that they've
undergone some manual verification and testing. It's a deliberate
policy not to sign the testing images, so as to avoid keeping PGP key
material on a remote server.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I can't ever sleep on planes ... call it irrational if you like, but I'm
 afraid I'll miss my stop" -- Vivek Dasmohapatra

Reply to:

Follow-Ups:
- Re: Debian testing ISOs not GPG signed?
  - From: Mattias Wadenstein <maswan@acc.umu.se>

References:
- Debian testing ISOs not GPG signed?
  - From: Marcel `sdrfnord` McKinnon <sdrfnord@gmx.de>

Prev by Date: Debian testing ISOs not GPG signed?
Next by Date: Re: Debian testing ISOs not GPG signed?
Previous by thread: Debian testing ISOs not GPG signed?
Next by thread: Re: Debian testing ISOs not GPG signed?
Index(es):
- Date
- Thread