Re: you iso's may have been hacked

To: debian-user@lists.debian.org
Subject: Re: you iso's may have been hacked
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Wed, 10 Aug 2016 16:21:44 +0200
Message-id: <[🔎] 5501588124996356874@scdbackup.webframe.org>
In-reply-to: <[🔎] E1bXSuY-0007yG-8t@mail.einval.com>
References: <[🔎] E1bXSuY-0007yG-8t@mail.einval.com>

Hi,

Steve McIntyre wrote:
> It's also contained in the debian-role-keys keyring in the
> debian-keyring package: [...]
> and the full fingerprint is also on the Debian website using https for
> people who would rather trust that.

We users could easily be outsmarted in this aspect, i fear.
It's hard to tell whom to trust and how to avoid being spoofed by others.

In any case somebody with edit powers should replace in

  https://www.debian.org/CD/faq/#verify

"SHA1" and "MD5" by "SHA512".
Just to make this aspect safe for the next few years ... hopefully.

Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: you iso's may have been hacked
  - From: Steve McIntyre <steve@einval.com>

References:
- Re: you iso's may have been hacked
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: More problems
Next by Date: Re: machine checks on Dell R815 under jessie
Previous by thread: Re: you iso's may have been hacked
Next by thread: Re: you iso's may have been hacked
Index(es):
- Date
- Thread