Canonical source for the new CD signing key's fingerprint?

To: Debian User List <debian-user@lists.debian.org>
Subject: Canonical source for the new CD signing key's fingerprint?
From: "Todd A. Jacobs" <codegnome.consulting+debian@gmail.com>
Date: Wed, 16 Mar 2011 04:56:42 -0700
Message-id: <[🔎] AANLkTikdYRnQqgJ3xDpsOx2kV6Qbby2Jp1peqqWkFhxB@mail.gmail.com>

I've recently downloaded the net installation image for Squeeze, but
am really uncomfortable with the fact that I can't establish a firm
trust path to the CD signing key. Is there a canonical place to get
the fingerprint of this key, so that at least one can have some
confidence that the key one is validating with is at least the
widely-known (and generally accepted) one?

As a hack, I've done this on an Ubuntu 10.10 system:

  gpg --recv-keys 6294BE9B
  gpg --keyring /usr/share/keyrings/debian-keyring.gpg -kvv 6294BE9B

While this shows that this particular key has been signed by some
Debian developers, it doesn't actually validate that the key is the
official key for verifying the ISOs.

Can anyone point me to ANY debian.org page that defines the official
key for CD images? Major bonus for any official links to fingerprints
for the CD signing key.

Reply to:

Follow-Ups:
- Re: Canonical source for the new CD signing key's fingerprint?
  - From: "Dr. Ed Morbius" <dredmorbius@gmail.com>

Prev by Date: Re: SPAM SPAM SPAM !!! Re: Sip?
Next by Date: Re: SPAM SPAM SPAM !!! Re: Sip?
Previous by thread: Re: problem with sound card
Next by thread: Re: Canonical source for the new CD signing key's fingerprint?
Index(es):
- Date
- Thread