Re: you iso's may have been hacked
Thomas Schmitt wrote:
>Hi,
>
>Andrew F Comly wrote:
>> gpg: WARNING: This key is not certified with a trusted signature!
>
>I wonder whom we could trust to certify the Debian gpg key ...
It's signed by a number of prominent DDs, including 2 DPLs and 2
Release Managers. Oh, and a number of idiots who don't understand GPG:
they have signed it and pushed signatures to the keyservers without
any fingerprint verification. :-(
It's also contained in the debian-role-keys keyring in the
debian-keyring package:
gpg --no-default-keyring -kvc --keyring /usr/share/keyrings/debian-role-keys.gpg DA87E80D6294BE9B
pub 4096R/DA87E80D6294BE9B 2011-01-05
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
uid Debian CD signing key <debian-cd@lists.debian.org>
sub 4096R/642A5AC311CD9819 2011-01-05
and the full fingerprint is also on the Debian website using https for
people who would rather trust that.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.
Reply to: