My question is, why sarge-ISO's are not signed with the ftpmaster-key. I want to download a Sarge DVD and verify the Signature of the MD5SUM-File to see if it's not manipulated an I can check the md5-Sums with it later.
gpg tells me, that the signature can not be verified, because I don't have the public key on my keyring. I expected that the ISO's (the MD5SUM-Files) are signed with the ftpmaster-Key, which is on my keyring. If I tell gpg to get the key from the keyserver, it tells me that the Key is not found. After investigating a while in the net I found out, that the key belongs to Steve McIntyre ([EMAIL PROTECTED]), sombody I never heard of. That's shure because I don't konow the debian Project very well. But I don't think it's a very sensfull way to sign the most important downloads with a key only debian-insiders know. Why isn't the ftpmaster key used? -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
