[email protected] wrote:
>
>Hopefully this is the correct list to report this, if not, I'd
>appreciate it if you could point me in the right direction.

Here's OK; I'm the person who signs things... :-) I've taken a look
directly on the cdimage server at your problem reports.

>There seem to be problems with the PGP signatures for the
>debian-installer ISO images including non-free firmware hosted here:
>http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/
>
>Some of the images, such as wheezy_di_rc1, have no signatures (no .sign
>files present).

Gah, apologies for that. It looks like I forgot to put the signatures
in place there. I'll fix that right now.

>Others, such as the "current" images dated
>2013-02-23/2013-02-24, seem to have an invalid signature (I am
>verifying against keys in the debian-keyring 2012.11.15 package from
>wheezy):
>
>david@spongebob:~/Downloads$ gpg2 -v
>--keyring /usr/share/keyrings/debian-role-keys.gpg -v SHA256SUMS.sign
>gpg: armor: BEGIN PGP SIGNATURE Version: GnuPG v1.4.12 (GNU/Linux)
>:signature packet: algo 1, keyid DA87E80D6294BE9B
> version 4, created 1361115854, md5len 0, sigclass 0x00
> digest algo 8, begin of digest 69 3e
> hashed subpkt 2 len 4 (sig created 2013-02-17)
> subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
> data: [4096 bits]
>gpg: armor header:
>gpg: assuming signed data in `SHA256SUMS'
>gpg: Signature made sun 17.feb 2013, 15:44:14 GMT using RSA key ID
>6294BE9B gpg: using PGP trust model
>gpg: key 372523E0: accepted as trusted key
>gpg: BAD signature from "Debian CD signing key
><[email protected]>" gpg: binary signature, digest algorithm
>SHA256

This I cannot reproduce at all; I've checked all the signatures just
now and they verify OK. I think you've got a mix of files from two
places there: all of the signature files are dated "Feb 24 00:42" but
you've got a file claiming the sig was made "sun 17.feb 2013, 15:44:14
GMT". Checking the timestamps of other .sign files on the server,
that's most likely one from the main wheezy d-i RC1 release as far as
I can tell.

-- 
Steve McIntyre, Cambridge, UK.
[email protected]
"It's actually quite entertaining to watch ag129 prop his foot up on
the desk so he can get a better aim." [ seen in ucam.chat ]

