[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian testing ISOs not GPG signed?

On Sun, Mar 09, 2014 at 02:17:20PM +0100, Marcel `sdrfnord` McKinnon wrote:
>I just wanted to reinstall my system on new hardware so I downloaded the current
>Debian testing (http://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/)
>build. After downloading it, I wanted to verify the integrity of the ISO (as I
>was used to from the stable builds). But I did not find a signed checksum file.
>Are testing builds not signed?? Is there another way to check the integrity of
>the testing ISOs?

We (I) don't sign any of the non-release builds on cdimage, no. Only
official stable and beta releases are signed, meaning that they've
undergone some manual verification and testing. It's a deliberate
policy not to sign the testing images, so as to avoid keeping PGP key
material on a remote server.

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I can't ever sleep on planes ... call it irrational if you like, but I'm
 afraid I'll miss my stop" -- Vivek Dasmohapatra

Reply to: