Hi Jimmy.
Thank you for your reply. But please see below for comments.
On Sun, 10 Aug 2014, Jimmy Johnson wrote:
david...@ling.ohio-state.edu wrote:
Good {evening,morning,afternoon}, fellow anglophones.
I am running Wheezy, and I plan to prepare a debian live cd using this
file:
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-7.6.0-amd64-standard.iso
Before doing this, however, I would like to verify the authenticity of
the SHA512SUMS file which I believe I obtained from here:
[snipped lots of stuff]
| gpgv: Can't check signature: public key not found
This was not the outcome I was hoping for, but I am not sure what to
do next.
I've always have good luck using the md5sum, open the console where the .iso
is and type:$'md5sum debian-live-7.6.0-amd64-standard.iso' ,it's fast and
easy. :)
And then, if you were going that route, you would compare the result
of that command with the corresponding hash in some reference file,
probably named something like MD5SUMS.
But, you might ask yourself, how do we know that the hashes in that
reference file are from a trusted source?
For that, you would look for a file called something like MD5SUMS.sig,
which would be the result of signing MD5SUMS with someone's private
key.
You would then want to obtain the public keys of trusted sources, and
then see which, if any, of those keys verified the signature in
MD5SUMS.sig.
It is this step that I am stalled at. I'm using sha512sums, not
md5sums, but I would still be stalled, your advice notwithstanding, if
I were using md5sums.
I hope this clarifies what I am looking for.
-wes
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/alpine.deb.2.02.1408110004160.23...@brutus.ling.ohio-state.edu
