FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-07-2010, 10:13 PM
Sven Joachim
 
Default lenny iso signed with key 64E6EA7D

On 2010-07-07 23:51 +0200, Rob Owens wrote:

> I downloaded the latest Lenny netinst for i386. The SHA512SUMS file is
> signed with a key id of 64E6EA7D. However, I can't find any info on
> that key anywhere. I tried searching public keyservers and googling for
> it, but nothing has turned up.

I don't have an idea either, but maybe you can find help on the
debian-cd mailinglist.

Sven


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87zky3vt20.fsf@turtle.gmx.de">http://lists.debian.org/87zky3vt20.fsf@turtle.gmx.de
 
Old 07-07-2010, 10:14 PM
Jimmy Johnson
 
Default lenny iso signed with key 64E6EA7D

Rob Owens wrote:

I downloaded the latest Lenny netinst for i386. The SHA512SUMS file is
signed with a key id of 64E6EA7D. However, I can't find any info on
that key anywhere. I tried searching public keyservers and googling for
it, but nothing has turned up.

Call me paranoid, but I never install a system unless I can verify the
signature...

Can anybody shed some light on this?



Call me less paranoid, if the md5sum match, it's good for me. :-)
--
Jimmy Johnson

Ubuntu lucid KDE 3.5.11 - EXT4 at sda10
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C34FC3A.5080409@gmail.com">http://lists.debian.org/4C34FC3A.5080409@gmail.com
 
Old 07-07-2010, 10:27 PM
Steve McIntyre
 
Default lenny iso signed with key 64E6EA7D

Rob Owens wrote:
>I downloaded the latest Lenny netinst for i386. The SHA512SUMS file is
>signed with a key id of 64E6EA7D. However, I can't find any info on
>that key anywhere. I tried searching public keyservers and googling for
>it, but nothing has turned up.
>
>Call me paranoid, but I never install a system unless I can verify the
>signature...
>
>Can anybody shed some light on this?

Hi Rob,

Which keyservers did you use?

$ gpg --keyserver keys.gnupg.net --recv-keys 64E6EA7D
gpg: requesting key 64E6EA7D from hkp server keys.gnupg.net
gpg: key 64E6EA7D: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

It's also on keyring.debian.org. I created the key for signing Debian
CD releases, and it's signed by a number of people including two
previous DPLs and members of the release team:

$ gpg --list-sigs 64E6EA7D
pub 4096R/64E6EA7D 2009-10-03
uid Debian CD signing key <debian-cd@lists.debian.org>
sig 3 64E6EA7D 2009-10-03 Debian CD signing key <debian-cd@lists.debian.org>
sig 88C7C1F7 2009-10-03 Steve McIntyre <steve@einval.com>
sig 3442684E 2009-10-03 Steve McIntyre <steve@einval.com>
sig AFF122B0 2009-10-03 Christopher J. Walker <C.J.Walker@physics.org>
sig 29982E5A 2009-10-03 Steve Langasek <vorlon@dodds.net>
sig 68FD549F 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
sig 01AA4A64 2009-10-03 Steve Langasek <steve.langasek@canonical.com>
sig AF6C61DD 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
sig 95861109 2009-10-06 Ben Hutchings (DOB: 1977-01-11)
sig A40F862E 2009-10-09 Neil McGovern <maulkin@halon.org.uk>
sig 0125D5C0 2009-10-14 Philip Hands <phil@hands.com>

--
Steve McIntyre, Cambridge, UK. steve@einval.com
"The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow words; on
occasion, English has pursued other languages down alleyways to beat them
unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1OWd5m-000612-9r@jack.mossbank.org.uk">http://lists.debian.org/E1OWd5m-000612-9r@jack.mossbank.org.uk
 
Old 07-08-2010, 06:45 AM
Camaleón
 
Default lenny iso signed with key 64E6EA7D

On Wed, 07 Jul 2010 15:14:18 -0700, Jimmy Johnson wrote:

> Rob Owens wrote:
(...)
>> Call me paranoid, but I never install a system unless I can verify the
>> signature...
>>
>> Can anybody shed some light on this?
>
>
> Call me less paranoid, if the md5sum match, it's good for me. :-)

+1

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.07.08.06.45.36@gmail.com">http://lists.debian.org/pan.2010.07.08.06.45.36@gmail.com
 
Old 07-08-2010, 02:41 PM
Camaleón
 
Default lenny iso signed with key 64E6EA7D

On Wed, 07 Jul 2010 15:14:18 -0700, Jimmy Johnson wrote:

(re-sent... is the list up-&-running?) :-?

> Rob Owens wrote:
(...)
>> Call me paranoid, but I never install a system unless I can verify the
>> signature...
>
> Call me less paranoid, if the md5sum match, it's good for me. :-)

+1

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.07.08.14.41.32@gmail.com">http://lists.debian.org/pan.2010.07.08.14.41.32@gmail.com
 
Old 07-08-2010, 11:26 PM
Rob Owens
 
Default lenny iso signed with key 64E6EA7D

On Wed, Jul 07, 2010 at 11:27:46PM +0100, Steve McIntyre wrote:
> Rob Owens wrote:
> >I downloaded the latest Lenny netinst for i386. The SHA512SUMS file is
> >signed with a key id of 64E6EA7D. However, I can't find any info on
> >that key anywhere. I tried searching public keyservers and googling for
> >it, but nothing has turned up.
> >
> >Call me paranoid, but I never install a system unless I can verify the
> >signature...
> >
> >Can anybody shed some light on this?
>
> Hi Rob,
>
> Which keyservers did you use?
>
I used the ones that Seahorse defaults to:

hkp://pgp.mit.edu:11371
ldap://keyserver.pgp.com
hkp://subkeys.pgp.net

> $ gpg --keyserver keys.gnupg.net --recv-keys 64E6EA7D
> gpg: requesting key 64E6EA7D from hkp server keys.gnupg.net
> gpg: key 64E6EA7D: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1 (RSA: 1)
>
I tried this and it worked. Thanks!

Seahorse seems to be acting a little flaky. I can find this key by its
email address, but not its key ID, apparently.

> It's also on keyring.debian.org. I created the key for signing Debian
> CD releases, and it's signed by a number of people including two
> previous DPLs and members of the release team:
>
I had tried rsyncing debian-keyring.gpg and then checking the signature
with that keyring, but it did not work.

rsync -az --progress keyring.debian.org::keyrings/keyrings/debian-keyring.gpg ./debian-keyring.gpg
gpg --keyring ./debian-keyring.gpg --verify SHA512SUMS.sign SHA512SUMS

...which gave me:
gpg: Signature made Sun 27 Jun 2010 09:05:47 PM EDT using RSA key ID 64E6EA7D
gpg: Can't check signature: public key not found

> $ gpg --list-sigs 64E6EA7D
> pub 4096R/64E6EA7D 2009-10-03
> uid Debian CD signing key <debian-cd@lists.debian.org>
> sig 3 64E6EA7D 2009-10-03 Debian CD signing key <debian-cd@lists.debian.org>
> sig 88C7C1F7 2009-10-03 Steve McIntyre <steve@einval.com>
> sig 3442684E 2009-10-03 Steve McIntyre <steve@einval.com>
> sig AFF122B0 2009-10-03 Christopher J. Walker <C.J.Walker@physics.org>
> sig 29982E5A 2009-10-03 Steve Langasek <vorlon@dodds.net>
> sig 68FD549F 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
> sig 01AA4A64 2009-10-03 Steve Langasek <steve.langasek@canonical.com>
> sig AF6C61DD 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
> sig 95861109 2009-10-06 Ben Hutchings (DOB: 1977-01-11)
> sig A40F862E 2009-10-09 Neil McGovern <maulkin@halon.org.uk>
> sig 0125D5C0 2009-10-14 Philip Hands <phil@hands.com>
>
Thanks for your help.

-Rob


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100708232636.GA24769@aurora.owens.net">http://lists.debian.org/20100708232636.GA24769@aurora.owens.net
 
Old 07-09-2010, 10:39 AM
Steve McIntyre
 
Default lenny iso signed with key 64E6EA7D

Rob Owens wrote:
>On Wed, Jul 07, 2010 at 11:27:46PM +0100, Steve McIntyre wrote:
>>
>> Which keyservers did you use?
>>
>I used the ones that Seahorse defaults to:
>
>hkp://pgp.mit.edu:11371
>ldap://keyserver.pgp.com
>hkp://subkeys.pgp.net
>
>> $ gpg --keyserver keys.gnupg.net --recv-keys 64E6EA7D
>> gpg: requesting key 64E6EA7D from hkp server keys.gnupg.net
>> gpg: key 64E6EA7D: public key "Debian CD signing key <debian-cd@lists.debian.org>" imported
>> gpg: no ultimately trusted keys found
>> gpg: Total number processed: 1
>> gpg: imported: 1 (RSA: 1)
>>
>I tried this and it worked. Thanks!
>
>Seahorse seems to be acting a little flaky. I can find this key by its
>email address, but not its key ID, apparently.

Great. :-( Using gpg, I can pull the key down just fine from
pgp.mit.edu at least. subkeys.pgp.net is currently just timing out for
me.

>> It's also on keyring.debian.org. I created the key for signing Debian
>> CD releases, and it's signed by a number of people including two
>> previous DPLs and members of the release team:
>>
>I had tried rsyncing debian-keyring.gpg and then checking the signature
>with that keyring, but it did not work.
>
>rsync -az --progress keyring.debian.org::keyrings/keyrings/debian-keyring.gpg ./debian-keyring.gpg
>gpg --keyring ./debian-keyring.gpg --verify SHA512SUMS.sign SHA512SUMS
>
>...which gave me:
>gpg: Signature made Sun 27 Jun 2010 09:05:47 PM EDT using RSA key ID 64E6EA7D
>gpg: Can't check signature: public key not found

Ah. It's in keyrings/debian-role-keys.gpg, not
keyrings/debian-keyring.gpg - it's a role key, not a personal key...

>> $ gpg --list-sigs 64E6EA7D
>> pub 4096R/64E6EA7D 2009-10-03
>> uid Debian CD signing key <debian-cd@lists.debian.org>
>> sig 3 64E6EA7D 2009-10-03 Debian CD signing key <debian-cd@lists.debian.org>
>> sig 88C7C1F7 2009-10-03 Steve McIntyre <steve@einval.com>
>> sig 3442684E 2009-10-03 Steve McIntyre <steve@einval.com>
>> sig AFF122B0 2009-10-03 Christopher J. Walker <C.J.Walker@physics.org>
>> sig 29982E5A 2009-10-03 Steve Langasek <vorlon@dodds.net>
>> sig 68FD549F 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
>> sig 01AA4A64 2009-10-03 Steve Langasek <steve.langasek@canonical.com>
>> sig AF6C61DD 2009-10-05 Martin Michlmayr <tbm@cyrius.com>
>> sig 95861109 2009-10-06 Ben Hutchings (DOB: 1977-01-11)
>> sig A40F862E 2009-10-09 Neil McGovern <maulkin@halon.org.uk>
>> sig 0125D5C0 2009-10-14 Philip Hands <phil@hands.com>
>>
>Thanks for your help.

No problem. :-)

--
Steve McIntyre, Cambridge, UK. steve@einval.com
"The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow words; on
occasion, English has pursued other languages down alleyways to beat them
unconscious and rifle their pockets for new vocabulary." -- James D. Nicoll


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1OXAzr-0002j0-4y@jack.mossbank.org.uk">http://lists.debian.org/E1OXAzr-0002j0-4y@jack.mossbank.org.uk
 

Thread Tools




All times are GMT. The time now is 06:45 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org