Is there any TLS encrypted source for downloading the Debian iso signing keys? Of course, from a source verified by a common root certificate. Not from the Debian CA, because there is no way to get this one from a trusted source either, or is there? If the answer is no, which were to correct component to file a bug against? -- http://www.fastmail.fm - Access your email from home and the web