[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iso_keys


On Wed, Jan 17, 2018 at 08:50:17PM -0000, sejobud33@bitmessage.de wrote:
>Wednesday January 17 2018
>the official cd_dvd amd64 stable/stretch are not authentic/can't be
>authentified : BAD
>- LIVE DVD : idem
>you published the keys/iso without have checked before their
>validity/compatibility ?

No, I've just checked things directly on the cdimage server and they
signatures look fine to me. For example:

debian-cd@pettersson:/mnt/nfs-cdimage/release/current/amd64/iso-dvd$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Sun 10 Dec 2017 02:58:23 UTC
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: please do a --check-trustdb
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]

>gpg --verify sums512.sign sums512
>gpg: Signature made Sun 10 Dec 2017 03:58:21 CET
>gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
>gpg: Can't check signature: No public key

sums512.sign and sums512 are not the same filenames as on the
server. Whatever you're doing with those files might be breaking the
integrity of the signatures...

>9.0. is not available (9.3 only ! ).
>could you put on line asap the debian 9.0.0. stretch stable or update
>9.3.0. with the right keys ?

All the older releases are also available from
https://cdimage.debian.org/cdimage/archive/ if you need them.

>*or my gtkhash/cli is broken and reporting this is a big error but in case
>of doubt i do it , sorry.

No problem - thanks for raising your concerns, but all looks OK to me.

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I can't ever sleep on planes ... call it irrational if you like, but I'm
 afraid I'll miss my stop" -- Vivek Das Mohapatra

Attachment: signature.asc
Description: PGP signature

Reply to: