• Re: MAUVAISE SIGNATURE official release Debian12.11.0-amd64-DVD-1

    From Cyril Brulebois@21:1/5 to All on Wed May 28 05:10:01 2025
    Aline <[email protected]> (2025-05-28):
    ____________________________________________________________
    ls /etc/apt/trusted.gpg.d/
    debian-archive-bookworm-automatic.asc debian-archive-bullseye-automatic.asc debian-archive-trixie-automatic.asc
    debian-archive-bookworm-security-automatic.asc debian-archive-bullseye-security-automatic.asc debian-archive-trixie-security-automatic.asc
    debian-archive-bookworm-stable.asc debian-archive-bullseye-stable.asc debian-archive-trixie-stable.asc
    _____________________________________________________________
    It does not match:
    SHA256SUMS.sign
    SHA512SUMS.sign

    ------------------------------------------------------------------------------------------------------
    gpg --verify SHA256SUMS.sign debian-12.11.0-amd64-DVD-1.iso
    gpg: Signature faite le sam. 17 mai 2025 19:55:59 CEST
    gpg: avec la clef RSA DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpg: MAUVAISE signature de « Debian CD signing key <[email protected]> » [inconnu]

    gpg --verify SHA512SUMS.sign debian-12.11.0-amd64-DVD-1.iso
    gpg: Signature faite le sam. 17 mai 2025 19:55:59 CEST
    gpg: avec la clef RSA DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpg: MAUVAISE signature de « Debian CD signing key <[email protected]> » [inconnu]

    https://www.debian.org/CD/verify is pretty explicit:

    To ensure that the checksum files themselves are correct, use an
    OpenPGP implementation (such as GnuPG, Sequoia-PGP, PGPainless or
    GopenPGP) to verify them with the accompanying signature files
    (for example SHA512SUMS.sign).

    And both signatures are OK:

    kibi@tokyo:~$ gpg --verify SHA256SUMS.sign SHA256SUMS
    gpg: Signature made Sat 17 May 2025 19:55:59 CEST
    gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpg: Good signature from "Debian CD signing key <[email protected]>" [ultimate]

    kibi@tokyo:~$ gpg --verify SHA512SUMS.sign SHA512SUMS
    gpg: Signature made Sat 17 May 2025 19:55:59 CEST
    gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpg: Good signature from "Debian CD signing key <[email protected]>" [ultimate]


    Cheers,
    --
    Cyril Brulebois ([email protected]) <https://debamax.com/>
    D-I release manager -- Release team member -- Freelance Consultant

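The two-step check the reply describes, as an added example that is not part of the original thread: the detached signature is verified against the checksum file, and the ISO is then compared with its entry in that file. The function names are hypothetical, the fingerprint is the one gpg prints above, and the signing key is assumed to be in the local keyring already.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the thread).
# Fingerprint of the Debian CD signing key as printed by gpg in the thread.
DEBIAN_CD_FPR="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"

# True if gpg status output ($1) reports a good signature from the pinned key.
signed_by_expected_key() {
    printf '%s\n' "$1" | grep -qF "[GNUPG:] GOODSIG " &&
    printf '%s\n' "$1" | grep -qF "[GNUPG:] VALIDSIG $DEBIAN_CD_FPR "
}

# Step 1: the detached signature covers the checksum file, never the ISO.
# Assumes the signing key is already in the local keyring.
verify_sums_signature() {  # usage: verify_sums_signature SUMS.sign SUMS
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || true
    signed_by_expected_key "$status"
}

# Step 2: compare the image's SHA-512 with its entry in the checksum file.
# Returns 0 on match, 1 on mismatch, 2 if the image is not listed.
check_image() {  # usage: check_image SHA512SUMS image.iso
    name=$(basename "$2")
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$1")
    [ -n "$expected" ] || return 2
    actual=$(sha512sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

verify_debian_image() {  # usage: verify_debian_image SUMS.sign SUMS image.iso
    verify_sums_signature "$1" "$2" ||
        { echo "checksum file: no good signature from pinned key" >&2; return 1; }
    check_image "$2" "$3" ||
        { echo "image: checksum mismatch or not listed" >&2; return 1; }
    echo "OK: $3 matches a checksum file signed by $DEBIAN_CD_FPR"
}

# Runs only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    verify_debian_image "$@"
fi
```

Passing the ISO as the signed file in step 1, as in the quoted commands, makes gpg report a bad signature even when the download is intact.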