mismatch 9.0-live & 9.3

To: debian-user@lists.debian.org
Subject: mismatch 9.0-live & 9.3
From: nalyzur@airmail.nz
Date: Fri, 19 Jan 2018 08:25:28 -0000
Message-id: <[🔎] 657e579015af2dce59f13f6e418ff94e@elude.in>

i tried several time without success :
https://cdimage.debian.org/mirror/cdimage/archive/9.0.0-live/amd64/iso-hybrid/
debian-live-9.0.0-amd64-gnome.iso
$ gpg --verify MD5SUMS.sign MD5SUMS
gpg: Signature made Sun 18 Jun 2017 02:32:32 CEST
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key
<debian-cd@lists.debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
$ gpg --verify SHA1SUMS.sign SHA1SUMS
gpg: Signature made Sun 18 Jun 2017 02:32:32 CEST
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key
<debian-cd@lists.debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
$ gpg --verify SHA256SUMS.sign SHA256SUMS
gpg: Signature made Sun 18 Jun 2017 02:32:31 CEST
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key
<debian-cd@lists.debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Sun 18 Jun 2017 02:32:31 CEST
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: BAD signature from "Debian CD signing key
<debian-cd@lists.debian.org>" [unknown]
$ ls
MD5SUMS.sign  SHA1SUMS.sign  SHA256SUMS.sign  SHA512SUMS.sign
MD5SUMS        SHA1SUMS      SHA256SUMS     SHA512SUMS


*Verifying authenticity of Debian CDs

Official releases of Debian CDs come with signed checksum files ... the
signatures on the checksum files allow you to confirm that the files are
the ones officially released by the Debian CD / Debian Live team and have
not been tampered with.

and it was all BAD when i tried 9.3 dvd (posting at
debian-cd@lists.debian.org does not help).

could someone else verify the official 9.3 amd64_gnome dvd 1 & post the
result ?


*if the keys are not the right, Official releases of Debian CDs come
without signed checksum files.
*if i can't install debian i should try ubuntu.

 thx.

Reply to:

Follow-Ups:
- Re: mismatch 9.0-live & 9.3
  - From: john doe <johndoe65534@mail.com>
- Re: mismatch 9.0-live & 9.3
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: I need help
Next by Date: Re: mismatch 9.0-live & 9.3
Previous by thread: Re: I need help
Next by thread: Re: mismatch 9.0-live & 9.3
Index(es):
- Date
- Thread