On Fri, May 30, 2014, at 11:27 PM, Michael Stone wrote: > On Fri, May 30, 2014 at 09:24:47AM -0400, Michael Stone wrote: > >That's why you verify the initial install media per the link I posted > >earlier... > > Oh, and those key fingerprints are on an https page for those who > actually trust the CA system.
That was my next question. If the fingerprints are on a HTTPS served page, then yes that seems like a valid solution. And thanks Reid Sutherland for telling me I have no clue. Much appreciated. Alfie -- Alfie John alf...@fastmail.fm -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1401456637.10889.123292765.031db...@webmail.messagingengine.com
