Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Jeffrey Walton
On Fri, Mar 28, 2025 at 8:42 PM Pier Antonio Corradini wrote: > > I think I got it: the final step is to compare the fingerprint of the primary > key, at the end of the command output > > PS C:\Users\CP\Documents\Linux\Debian12.10.0\HTTPVersion> gpg --verify > SHA512SUMS.sign SHA512SUMS.txt > gp

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Thomas Schmitt
Hi, Pier Antonio Corradini wrote: > gpg: Firma valida da "Debian CD signing key " Jay ! \o/ > gpg: ATTENZIONE: questa chiave non è certificata con una firma fidata! > gpg:          Non ci sono indicazioni che la firma appartenga al proprietario. Regrettably gpg still assumes a web of trust to

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Thomas Schmitt
Hi, Pier Antonio Corradini wrote: > So now the authenticity check is complete and the authenticity is completely > sure? Yes. Until a quantum computer cracks the riddle how to generate an own key with the same fingerprint. (There are other risks, too, which are not prevented by signature with unc

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Thomas Schmitt
Hi, i realize that i posted the content of the wrong SHA512SUMS file. The one i posted was from debian 12.7.0. Nevertheless the SHA512 sums which i posted earlier are of the files from 12.10.0 which i downloaded yesterday. Pier Antonio Corradini wrote: > The content of these links, seen now, is

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Thomas Schmitt
Hi, Pier Antonio Corradini wrote: > 3D0BA303805111F651A88D96FC64867FFC678E43F3756F5F91B24A810D91015E459... > C:\Users\CP\Documents\Linux\Debian12.10.0\VersioneHTTP\SHA512SUMS.txt I get 36bf1f16bc4b9795122b7b3542a32f34c3be0ef294ff3a8bf43232df6554b69b569fe15d93c79ee48a47902e1a6ad87ca9966988cd4b

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-28 Thread Thomas Schmitt
Hi, (Please Cc: debian-user@lists.debian.org with your replies. I sent my mail with Cc; to you, because the X-Spam-Status: header of your list mail did not indicate that you are subscribed to the list.) Pier Antonio Corradini wrote: > So... first step: > PS C:\Users\CP> gpg --keyserver hkps://ke

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

2025-03-27 Thread Thomas Schmitt
Hi, Pier Antonio Corradini wrote: > Autenticity control (gpg --verify SHA512SUMS.sign SHA512SUMS.txt): > [...] > gpg:                utilizzando la chiave RSA > DF9B9C49EAA9298432589D76DA87E80D6294BE9B > gpg: Firma BAD da "Debian CD signing key " I assume that "Firma BAD" means bad signature. I