[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Signature debian CDs


I downloaded the netinst CD image for the installation of debian. I
have an Ubuntu computer where I checked the md5sum and the sha1sum. I
also tried to check the signature doing the following:
gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
gpg --verify MD5SUMS.sign MD5SUMS

Is this the right procedure?

I get a warning:
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

How does gpg check the authenticity of keyring.debian.org? Does it
check it through a master keyserver?


Reply to: