Bug#721623: marked as done (release.debian.org: installer images are not signed.)

Mon, 02 Sep 2013 09:28:12 -0700 

Your message dated Mon, 02 Sep 2013 18:22:28 +0200
with message-id <[email protected]>
and subject line Re: Bug#721623: release.debian.org: installer images are not 
signed.
has caused the Debian Bug report #721623,
regarding release.debian.org: installer images are not signed.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
721623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721623
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: important

Hello,

the installer images (such as released on
http://http.us.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/)
have SHA and MD5 signatures but no signature whatsoever.

How is one supposed to verify the integrity of the installers?

Thanks


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (910, 'testing'), (900, 'stable'), (610, 'oldstable'), (500, 
'testing'), (410, 'unstable'), (200, 'experimental'), (150, 'precise-updates'), 
(150, 'precise-security'), (150, 'precise')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
On 09/02/2013 15:45, Michal Suchanek wrote:
> Package: release.debian.org
The right pseudo-package would be ftp.debian.org.

> the installer images (such as released on
> http://http.us.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/)
> have SHA and MD5 signatures but no signature whatsoever.
> 
> How is one supposed to verify the integrity of the installers?

dists/*/Release and dists/*/InRelease are signed and include a hash for
the MD5SUMS/SHA1SUMS hashes in the installer directory:

 35[...]    10309 main/installer-amd64/20130613/images/MD5SUMS
 d8[...]    14289 main/installer-amd64/20130613/images/SHA256SUMS

Ansgar

--- End Message ---

Reply via email to