Hi
I am writing because I was puzzled about part of the explanation on the page
I do not understand from the given page how to use .sign files and gpg in order to check verify the authenticity of debian cds. I understand the part with using sha256sum or sha512sum or md5sum to check whether the files were downloaded correctly.
What I do not understand is, should one download keys from debian keyserver and/or use the files with extension .sign and gpg to perform some sort of verification. If so what are the steps that should be taken to do this step.
Also where should one find uids or ids of keys to receive from the keyserver to check specifically latest debian isos.
Thank you in advance for your help. And it would be wonderful if the webpage states these steps.