i tried several time without success : https://cdimage.debian.org/mirror/cdimage/archive/9.0.0-live/amd64/iso-hybrid/ debian-live-9.0.0-amd64-gnome.iso $ gpg --verify MD5SUMS.sign MD5SUMS gpg: Signature made Sun 18 Jun 2017 02:32:32 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B $ gpg --verify SHA1SUMS.sign SHA1SUMS gpg: Signature made Sun 18 Jun 2017 02:32:32 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B $ gpg --verify SHA256SUMS.sign SHA256SUMS gpg: Signature made Sun 18 Jun 2017 02:32:31 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
$ gpg --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sun 18 Jun 2017 02:32:31 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: BAD signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown] $ ls MD5SUMS.sign SHA1SUMS.sign SHA256SUMS.sign SHA512SUMS.sign MD5SUMS SHA1SUMS SHA256SUMS SHA512SUMS *Verifying authenticity of Debian CDs Official releases of Debian CDs come with signed checksum files ... the signatures on the checksum files allow you to confirm that the files are the ones officially released by the Debian CD / Debian Live team and have not been tampered with. and it was all BAD when i tried 9.3 dvd (posting at debian...@lists.debian.org does not help). could someone else verify the official 9.3 amd64_gnome dvd 1 & post the result ? *if the keys are not the right, Official releases of Debian CDs come without signed checksum files. *if i can't install debian i should try ubuntu. thx.
