ftp.us.debian.org signature problems?

To: debian-user@lists.debian.org
Subject: ftp.us.debian.org signature problems?
From: Chet Murthy <chet@watson.ibm.com>
Date: Sun, 12 Mar 2006 17:19:27 -0500
Message-id: <[🔎] 200603121719.28129.chet@watson.ibm.com>

Today I was updating, and I noticed that the testing/Release file has
a bad signature, and that that signature is -different- from the
signature on the same file from http.us.debian.org.

I wouldn't know if this is innocuous or dangerous -- figured I should
report it.

When I switched to http.us.debian.org, all my updates worked with no
complaints about failure to verify signatures.  The output of my
apt-key is:

bismarck:~/tmp/ugh> sudo apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024R/1DB114E0 2004-01-15 [expired: 2005-01-27]
uid                  Debian Archive Automatic Signing Key (2004) <ftpmaster@debian.org>

pub   1024D/4F368D5D 2005-01-31 [expired: 2006-01-31]
uid                  Debian Archive Automatic Signing Key (2005) <ftpmaster@debian.org>

pub   1024D/B5F5BBED 2005-04-24
uid                  Debian AMD64 Archive Key <debian-amd64@lists.debian.org>
sub   2048g/34FC6FE5 2005-04-24

pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org>

pub   1024D/1F41B907 1999-10-03
uid                  Christian Marillat <marillat@debian.org>
uid                  Christian Marillat <marillat@free.fr>
sub   1536g/C28DCC42 1999-10-03
sub   1024D/5D3877A7 2002-08-26

--chet--

bismarck:~/tmp/ugh> wget 'http://ftp.us.debian.org/debian/dists/testing/Release.gpg' -O bad
--17:17:13--  http://ftp.us.debian.org/debian/dists/testing/Release.gpg
           => `bad'
Resolving ftp.us.debian.org... 128.101.240.212, 216.37.55.114, 204.152.191.7, ...
Connecting to ftp.us.debian.org|128.101.240.212|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 189 [text/plain]

100%[=============================================================================================================>] 189           --.--K/s             

17:17:13 (20.03 MB/s) - `bad' saved [189/189]

bismarck:~/tmp/ugh> wget 'http://http.us.debian.org/debian/dists/testing/Release.gpg' -O good
--17:17:19--  http://http.us.debian.org/debian/dists/testing/Release.gpg
           => `good'
Resolving http.us.debian.org... 64.50.238.52, 128.101.240.212, 216.37.55.114, ...
Connecting to http.us.debian.org|64.50.238.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 189 [text/plain]

100%[=============================================================================================================>] 189           --.--K/s             

17:17:19 (18.02 MB/s) - `good' saved [189/189]

bismarck:~/tmp/ugh> diff -Bwiu bad good
--- bad 2006-03-10 16:14:26.000000000 -0500
+++ good        2006-03-12 16:13:51.000000000 -0500
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (GNU/Linux)
 
-iD8DBQBEEewyAQkIMS0jDF8RAmg2AJ9HzoNH+2UusvaCuX62Y6mlF4SV5QCfX/qO
-D3QFybJKOsneteHSdKmhigM=
-=p3i8
+iD8DBQBEFI8PAQkIMS0jDF8RAi8KAJ0WJvwxyq1PrXgXZ8YbQEKD18xGeQCgn1Zx
+C5fv9j3DMmodOKDSyuGtkSc=
+=p1rD
 -----END PGP SIGNATURE-----
bismarck:~/tmp/ugh>

Reply to:

Follow-Ups:
- Re: ftp.us.debian.org signature problems?
  - From: Edward Shornock <debian-ml@crazeecanuck.homelinux.net>
- Re: ftp.us.debian.org signature problems?
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Hardware
Next by Date: Re: mp4, audio and mplayer
Previous by thread: Re: [Testing] alsamixer: function snd_ctl_open failed for default: No such device
Next by thread: Re: ftp.us.debian.org signature problems?
Index(es):
- Date
- Thread