Question on bad signature 180416

To: debian-cd@lists.debian.org
Subject: Question on bad signature 180416
From: Jorgen Ottosson <otto@de.acme.nu>
Date: Mon, 16 Apr 2018 11:11:27 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.10.1804161106020.16939@de.acme.nu>

Hi,

I have tested verifying the sig on the SHA1 file from here:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/


but have not been successful in doing so.

Example:

-----

$ gpg SHA1SUMS.sign
Detached signature.
Please enter name of data file: debian-9.4.0-amd64-xfce-CD-1.iso

gpg: Signature made Fri 16 Mar 2018 09:50:55 PM CET using RSA key ID6294BE9Bgpg: BAD signature from "Debian CD signing key<debian-cd@lists.debian.org>"


-----

The SHA1SUMS.sign file contains:

da34180d8f618a6a311fe31fb08508496eb91601  debian-9.4.0-amd64-netinst.iso
341cbaf33c632891e23f0b2bffaebf2856a868fe  debian-9.4.0-amd64-xfce-CD-1.iso

c5dfa66c6885fbfe476b0da381d77145c994c629debian-mac-9.4.0-amd64-netinst.iso

Am I missing something? This should indicate some error in data etc, ifkey was unsigned locally it would clearly indicate that the sig checksmathematically but is not trusted, ie sig checks but it not verified.


Any comments welcome.

SY,
Jorgen

Reply to:

Follow-Ups:
- Re: Question on bad signature 180416
  - From: Jorgen Ottosson <otto@de.acme.nu>
- Re: Question on bad signature 180416
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Beep twice when install starts
Next by Date: Re: Question on bad signature 180416
Previous by thread: Re: Beep twice when install starts
Next by thread: Re: Question on bad signature 180416
Index(es):
- Date
- Thread