I've recently downloaded the net installation image for Squeeze, but am really uncomfortable with the fact that I can't establish a firm trust path to the CD signing key. Is there a canonical place to get the fingerprint of this key, so that at least one can have some confidence that the key one is validating with is at least the widely-known (and generally accepted) one?
As a hack, I've done this on an Ubuntu 10.10 system:

    gpg --recv-keys 6294BE9B
    gpg --keyring /usr/share/keyrings/debian-keyring.gpg -kvv 6294BE9B

While this shows that this particular key has been signed by some Debian developers, it doesn't actually validate that the key is the official key for verifying the ISOs.

Can anyone point me to ANY debian.org page that defines the official key for CD images? Major bonus for any official links to fingerprints for the CD signing key.
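An added example, not part of the original post: the check below pins a full fingerprint instead of the 8-digit key ID used in the commands above, and rejects a keyring in which two keys share that short ID. All fingerprints, long key IDs and function names are constructed for illustration; the value to pin has to come from a source you already trust.

```shell
#!/bin/sh
# Added example. Every key ID and fingerprint below is constructed, not a real
# Debian key; PINNED_FPR stands for a value obtained from a channel you trust.
PINNED_FPR='1111 2222 3333 4444 5555  6666 7777 8888 6294 BE9B'

# Print the fingerprint of each primary key on stdin (gpg --with-colons
# format) whose key ID ends in the 8-hex-digit short ID given as $1.
fprs_for_keyid() {
    awk -F: -v id="$1" '
        $1 == "pub" { want = (toupper(substr($5, length($5) - 7)) == toupper(id)) }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if exactly one key matches short ID $1 and its full
# fingerprint equals $2 (spaces and case ignored).
check_pinned() {
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    fprs_for_keyid "$1" | awk -v want="$expected" '
        { n++; if ($0 == want) ok = 1 }
        END { exit !(n == 1 && ok) }'
}

# Constructed listing: the key we pinned.
sample_one_key() {
    cat <<'EOF'
pub:-:4096:1:777788886294BE9B:1294012800:::-:::scSC:
fpr:::::::::111122223333444455556666777788886294BE9B:
uid:-::::1294012800::::Constructed CD Signing Key <cd@example.invalid>:
EOF
}

# Constructed listing: a second key sharing the same short ID.
sample_colliding_keys() {
    sample_one_key
    cat <<'EOF'
pub:-:2048:1:000011116294BE9B:1294099200:::-:::scSC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF000011116294BE9B:
uid:-::::1294099200::::Constructed Lookalike Key <cd@example.invalid>:
EOF
}

# Real use (assumes the key is already in your keyring):
#   gpg --with-colons --fingerprint 6294BE9B | check_pinned 6294BE9B "$PINNED_FPR"
```

The check only moves the trust question to where the pinned fingerprint came from; it does not answer it.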