On Mon, Nov 03, 2014 at 02:15:20AM +0100, Cyril Brulebois wrote: >Hello, > >Erkki Lintunen <ebirdie@iki.fi> (2014-11-02): >> I couldn't find the "Debian Testing CDs Automatic Signing Key >> <debian-cd@lists.debian.org>" (Key fingerprint = F41D 3034 2F35 4669 >> 5F65 C669 4246 8F40 09EA 8AC3) from keyservers or from >> keyring.debian.org. The key's information is listed on the web-page >> "Verifying authenticity of Debian CD" >> <https://www.debian.org/CD/verify>, which says the key should be >> available from the keyring.debian.org. The Alioth git repository has a >> key entry for stable release CDs however. >> >> Is there some other place to get the key from, as the possibility that no >> one has missed the key yet feels almost impossible? > >kibi@arya:~$ gpg --search-keys 0x09EA8AC3 >gpg: searching for "0x09EA8AC3" from hkp server keys.gnupg.net >(1) Debian Testing CDs Automatic Signing Key <debian-cd@lists.debian.org> > 4096 bit RSA key F41D30342F3546695F65C66942468F4009EA8AC3, created: 2014-04-15 > >and yes, that key isn't the one used to sign official releases. Please >note that the web page you linked to specifically mentions “Official >releases of Debian CDs”. Exactly. >Maybe there should be some clean-up/update in that key list though. >Steve will likely know. At some point when I get some free time (*giggle*) I may go through and re-sign some of the older releases with the current key. Then we'll be able to drop some of the older keys from that page. Don't hold your breath, though... -- Steve McIntyre, Cambridge, UK. steve@einval.com There's no sensation to compare with this Suspended animation, A state of bliss
Attachment:
signature.asc
Description: Digital signature