Dear Sir or Madam, I was trying to verify my Debian download following these instructions:
https://www.debian.org/CD/verify.en.html and found the second part of the instructions (below) unclear: "To ensure that the checksums files themselves are correct, use GnuPG to verify them against the accompanying signature files (e.g. MD5SSUMS.sign). The keys used for these signatures are all in the Debian GPG keyring and the best way to check them is to use that keyring to validate via the web of trust" My understanding of the above is that I need keys to decipher the X.sign file so that I can compare it with the checksum file. Don't I need a KeyID to get the proper key? Where/how do I get it? Best regards, Greg Bereta