The "CD signing key" (6294BE9B)

To: debian-user@lists.debian.org
Subject: The "CD signing key" (6294BE9B)
From: Joel Rees <joel.rees@gmail.com>
Date: Sat, 5 Mar 2011 23:47:38 +0900
Message-id: <[🔎] AANLkTikDy7J1bbnYxbkRe9ovpEwixO4Tej19TfnqN2oc@mail.gmail.com>

I found three posts on this back in January,

http://lists.debian.org/debian-user/2011/01/msg01775.html

but the documentation still says nothing about why the "CD signing
key" should be different from the archive key and why the CD signing
key was never announced, etc.

I did go to the trouble of pulling the signatures and checksums off of
three different more-or-less randomly chosen mirrors, to check they
were the same, but I'd still feel a little more comfortable taking my
first spin with Debian if there were more evidence that the key that
the CDs are being signed with is officially claimed by the project.

Okay, I did a gpg --recv-keys on the key 6294BE9B from
keyring.debian.org , and tried gpg --verify on the downloaded netinst
image, and got the bad signature message. (I think I got the syntax
right.)

So, what gives, here? Anybody care to give me a clue?

Reply to:

Follow-Ups:
- Re: The "CD signing key" (6294BE9B)
  - From: Camaleón <noelamac@gmail.com>
- Re: The "CD signing key" (6294BE9B)
  - From: Andrei Popescu <andreimpopescu@gmail.com>

Prev by Date: Re: proffer for web server in debian 6
Next by Date: Re: Autofs not respecting uid in auto.removable
Previous by thread: Re: the output of ls /var/lib/apt/lists/*.debian.org_* | wc -l is not constant
Next by thread: Re: The "CD signing key" (6294BE9B)
Index(es):
- Date
- Thread