Why are sarge-ISO's not signed with the ftpmaster-key???
My question is, why sarge-ISO's are not signed with the ftpmaster-key.
I want to download a Sarge DVD and verify the Signature of the
MD5SUM-File to see if it's not manipulated an I can check the md5-Sums
with it later.
gpg tells me, that the signature can not be verified, because I don't
have the public key on my keyring. I expected that the ISO's (the
MD5SUM-Files) are signed with the ftpmaster-Key, which is on my
keyring.
If I tell gpg to get the key from the keyserver, it tells me that the Key is not found. After investigating a while in the net I found out, that the key belongs to Steve McIntyre (steve@einval.com), sombody I never heard of. That's shure because I don't konow the debian Project very well. But I don't think it's a very sensfull way to sign the most important downloads with a key only debian-insiders know. Why isn't the ftpmaster key used?
--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
Reply to: