[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unable to verify 64-bit live ISO signature

On Wed, 24 Jun 2020 davidson wrote:

One clarification...

Here are three mutually exclusive cases, of what a system may tell
you, depending on how your reality conforms to conditions (1) and (2)

...regarding the third case:

SIGNING KEY UNKNOWN, bailing out: When (2) is NO

gpg: Signature made Wed 24 Jun 2020 06:58:06 AM EDT
gpg:                using RSA key 2E3F09D22FFDC4ABF32DF441EB18A1C0111F5F49
gpg: Can't check signature: No public key

All is not well. SUMFILE was not signed by a debian role key (or, at
least, not by one in the keyring you specified).

I should restate that last bit more clearly:

 "SUMFILE.sign does not contain a signature from a debian role key"

For all you know, SUMFILE.sign could contain the Hamburglar's
signature! Or Marilyn Monroe's!

And it remains unknown in this case whether (1) is YES or NO. In other
words, we don't know whether SUMFILE.sign contains *anyone*'s
signature for SUMFILE.

If I have said anything incorrect or misleading above, I hope somebody
will correct me.

Firstly, you must always implicitly obey orders, without attempting to
form any opinion of your own respecting their propriety. Secondly, you
must consider every man your enemy who speaks ill of your king; and
thirdly, you must hate a Frenchman, as you do the devil. --H. Nelson

Reply to: