Re: [qubes-users] R3.2_rc3.iso Corrupt Download?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-16 04:41, amadaus wrote: > I have downloaded Qubes R3.2-rc3 iso and in the course of verifying > signatures received the following output: > [user@rubbish ~]$ gpg -v --verify > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' > gpg: armor header: Version: GnuPG v2 > gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID > 03FA5082 > gpg: using PGP trust model > gpg: Good signature from "Qubes OS Release 3 Signing Key" > gpg: binary signature, digest algorithm SHA256 > [user@rubbish ~]$ gpg --list-sig 03FA5082 > pub 4096R/03FA5082 2014-11-19 > uid Qubes OS Release 3 Signing Key > sig 36879494 2014-11-19 Qubes Master Signing Key > sig 3E2986940 2016-01-04 [User ID not found] > sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key > > As you can see signature E2986940 is unknown. I imported this key, it > belongs to "Kabine Diane " > This seems very suspicious. Should I delete the iso and try a fresh > download? > Answered previously here: https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FgVAAoJENtN07w5UDAw+68P/jaZow1G0++1jsdUPmw6rk1P kRXmRSP47Z+6vcM2dajmHUbtg2EIwxHzkNsogUjXoT3y7WZKa5xw7/8YNMge9wY8 DF2XaEkkQ/gAOTqdPgHlP70URia3UPZhiaF+Pr8cR9FY4VrI7aK9ee02hNgGB0MM ywhSlO1pTliP9SrkdgVRy/rZA6x6f7Xrdte1s5aA0TdX7kIXpij+ZtYpuMFxbeKa L1ISrsjH2xc0dtB/5sjZnOy98PbDKpo7Lvz6gWclmtaYTgH7C3sPtJDmfHxqmbBd xegVvI03UNidTnDqfZpjRL060t1nA/VSgBguxrukRwW3/kJ2W5TD0arl2qFe+ZZd JqYgI32SoEXjRrilE2nBIEzTsFICfLZDDzeTPdhmwIQ3SKdZWY0/0TBbfeHW5QW0 yyl4lagt2zJ9ZFXLGnN+pUoUA3weGRinfLo7fyzZIEtnHeqdKylnJSIkfbI5UEbS zp3NsRuCfvvn9Dm2oqBySOEFUEOInfy4AtacYdxQIPmgXvx7GZXb4+xsQI4bHNyH f75WOIMlR+ZOPfRd0mHjh/VF5PZPA8a2SfF28zGEFnOpwjzYYPGAU0J5FcozffHJ 3AabXA+k3vrHQxwUbASLzfdu3yCRODdU7s2odWZPi7KoHJScKRTjTSFxXO6Swy0s qxhJLZYYs4X1390BN5yN =y88c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d9aa18df-166e-1c18-a917-8356037ad4e3%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2_rc3.iso Corrupt Download?
On Fri, Sep 16, 2016 at 11:41:30AM +, amadaus wrote: > I have downloaded Qubes R3.2-rc3 iso and in the course of verifying > signatures received the following output: > [user@rubbish ~]$ gpg -v --verify > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' > gpg: armor header: Version: GnuPG v2 > gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID > 03FA5082 > gpg: using PGP trust model > gpg: Good signature from "Qubes OS Release 3 Signing Key" > gpg: binary signature, digest algorithm SHA256 > [user@rubbish ~]$ gpg --list-sig 03FA5082 > pub 4096R/03FA5082 2014-11-19 > uid Qubes OS Release 3 Signing Key > sig 36879494 2014-11-19 Qubes Master Signing Key > sig 3E2986940 2016-01-04 [User ID not found] > sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key > > As you can see signature E2986940 is unknown. I imported this key, it > belongs to "Kabine Diane " > This seems very suspicious. Should I delete the iso and try a fresh > download? Anyone can sign anyone's key and upload it to the keyservers. A presence of an unknown signature on a key doesn't invalidate it in any way. As long as there is a signature you do trust (DDFA1A3E36879494), the key is valid. Regards, -- Konstantin Ryabitsev Linux Foundation Collab Projects Montréal, Québec -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160916121846.GA2126%40gmail.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] R3.2_rc3.iso Corrupt Download?
I have downloaded Qubes R3.2-rc3 iso and in the course of verifying signatures received the following output: [user@rubbish ~]$ gpg -v --verify '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' gpg: armor header: Version: GnuPG v2 gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID 03FA5082 gpg: using PGP trust model gpg: Good signature from "Qubes OS Release 3 Signing Key" gpg: binary signature, digest algorithm SHA256 [user@rubbish ~]$ gpg --list-sig 03FA5082 pub 4096R/03FA5082 2014-11-19 uid Qubes OS Release 3 Signing Key sig 36879494 2014-11-19 Qubes Master Signing Key sig 3E2986940 2016-01-04 [User ID not found] sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key As you can see signature E2986940 is unknown. I imported this key, it belongs to "Kabine Diane " This seems very suspicious. Should I delete the iso and try a fresh download? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nrglpa%24btn%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.