[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The "CD signing key" (6294BE9B)

On Sb, 05 mar 11, 23:47:38, Joel Rees wrote:
> I did go to the trouble of pulling the signatures and checksums off of
> three different more-or-less randomly chosen mirrors, to check they
> were the same, but I'd still feel a little more comfortable taking my
> first spin with Debian if there were more evidence that the key that
> the CDs are being signed with is officially claimed by the project.

$ gpg --list-sigs 6294BE9B
pub   4096R/6294BE9B 2011-01-05
uid                  Debian CD signing key <debian-cd@lists.debian.org>
sig          3442684E 2011-01-05  Steve McIntyre <steve@einval.com>
sig          A40F862E 2011-01-05  Neil McGovern <maulkin@halon.org.uk>
sig          95861109 2011-01-23  Ben Hutchings (DOB: 1977-01-11)
sig          63C7CC90 2011-01-05  Simon McVittie <smcv@pseudorandom.co.uk>
sig 3        6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>
sub   4096R/11CD9819 2011-01-05
sig          6294BE9B 2011-01-05  Debian CD signing key <debian-cd@lists.debian.org>

Now you need to find a trust-path to one of them. If you have a trusted 
Debian system you can install the package debian-keyring, which should 
contain at least one (most probably all) of the keys above.
> Okay, I did a gpg --recv-keys on the key 6294BE9B from
> keyring.debian.org , and tried gpg --verify on the downloaded netinst
> image, and got the bad signature message. (I think I got the syntax
> right.)

Do you mind posting the exact commands used and output?

Offtopic discussions among Debian users and developers:

Attachment: signature.asc
Description: Digital signature

Reply to: