Linux Archive

Linux Archive (
-   Debian Laptop (
-   -   doubt about live CD/DVD signing key (

llcfree 04-08-2012 05:03 PM

doubt about live CD/DVD signing key
Can you please tell me whether I can trust the debian signing key of the
live CDs/DVDs? Thanks.

After adding the key to the keyring, I get:

gpg --verify SHA256SUMS.sign SHA256SUMS
gpg: Signature made Mon 17 Oct 2011 14:55:55 CEST using RSA key ID
gpg: Good signature from "Debian Live Signing Key
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
Primary key fingerprint: 696F 95F0 88E4 D359 947F 7AEB 6F95 B499 6CA7

The key does not appear in this page:

Someone else had the same problem, what follows is taken from the debian
forum, but there was no reply:

The Debian-Live DVD signing key has fingerprint

Code: Select all
696F 95F0 88E4 D359 947F 7AEB 6F95 B499 6CA7 B5A6

It is signed by one person

Code: Select all
sig sig3 6CA7B5A6 2011-03-09 __________ 2021-02-01 [selfsig]
sig sig 4B2B2B9E 2011-03-12 __________ __________ Daniel Baumann

Baumann has signed his key 4B2B2B9E with various other identities he
owns, but apparently no-one else has signed his key! Thus, the GPG
signed files containing the checksums for the Debian-live DVDs appear to
be questionable.

(I munged the email addresses.)

Does anyone know why these keys are treated so differently? It could be
important if for some reason I wanted to install from one of the live
DVDs (each about 1GB) rather than the full (4.4 GB) DVD #1.

-- loredana

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact
Archive: 1333904591.3471.16.camel@grid00.home">

All times are GMT. The time now is 01:47 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.