On 2/8/2018 12:34 PM, Jude DaShiell wrote:
running gpg --verify *.sign on all sign files found where debian-buster is downloaded returns bad key and [unknown] on those files. I think the website has got dirty.
- Did you import the Debian signing key? - Which files did you verify (URL used, you should only use debian.org)? - What commands did you use and what are the output of those commands? -- John Doe