The problem is who signs: it is not someone whose signature is expected.
wget https://files.devuan.org/devuan_chimaera/Release_notes.txt -q -O - | grep -A 4 'are signed'
wget https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS.asc
gpg --verify SHA256SUMS.asc
gpg --keyserver pgp.mit.edu --search-keys E93D7167A4F5FA9E9FED497770285BA5CF280BA4
Ralph Ronnquist (rrq) <ralph.ronnquist@???>
One would expect someone@??? or similar, as in
wget https://files.devuan.org/devuan-archive-keyring.gpg -q -O - | gpg
PS: keys.gnupg.net closed down years ago (it was talked about here on the list when it happened), but the others (pgp.mit.edu, keys.openpgp.org, ...) continue.
Best regards.
On Friday, 25 February 2022 19:06:27 CET, Lars Noodén via Dng <dng@???> wrote:
I see that the ISO images are signed. I've tried to fetch the signing
key[1] again,
$ gpg --keyserver keys.gnupg.net \
      --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C
$ gpg --keyserver keys.gnupg.net \
      --recv-key BB23C00C61FC752C
$ gpg --keyserver keys.gnupg.net \
      --search-keys BB23C00C61FC752C
but get an error instead with each of the above methods:
gpg: keyserver receive failed: Server indicated a failure
What is the current / correct location to find the public key to check
the releases with?
/Lars
[1] https://www.devuan.org/os/keyring
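The distinction raised in the reply above (a signature can verify and still come from a key nobody told you to expect) can be checked mechanically from gpg's `--status-fd` output. This is an added example, not part of the thread or of Devuan's tooling; `signer_verdict` and `sample_status` are hypothetical names, the status lines are constructed, and the pinned fingerprint is simply the one quoted in the original question.

```shell
#!/bin/sh
# Added example: decide whether a *valid* signature comes from an *expected* key.
# Real input would come from gpg's machine-readable status output, e.g.:
#   gpg --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null

# Fingerprint the original question tried to fetch (taken from the thread).
PINNED="E032601B7CA10BC3EA53FA81BB23C00C61FC752C"

# Constructed status lines: a good signature made by the key searched for in the reply.
sample_status() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 70285BA5CF280BA4 constructed-user-id
[GNUPG:] VALIDSIG E93D7167A4F5FA9E9FED497770285BA5CF280BA4 2022-02-25 1645800000 0 4 0 1 8 00 E93D7167A4F5FA9E9FED497770285BA5CF280BA4
EOF
}

# signer_verdict "FPR [FPR ...]"   (gpg status lines on stdin)
# Prints one of: "trusted <fpr>", "unexpected-signer <fpr>", "no-valid-signature".
signer_verdict() {
    awk -v pinned="$1" '
        BEGIN { n = split(toupper(pinned), p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint; when present,
        # field 12 is the primary key fingerprint. Accept a pin on either.
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            found = 1
            signing = toupper($3)
            primary = (NF >= 12) ? toupper($12) : signing
            if ((primary in ok) || (signing in ok)) trusted = primary
            else if (unexpected == "") unexpected = primary
        }
        END {
            if (trusted != "")  print "trusted " trusted
            else if (found)     print "unexpected-signer " unexpected
            else                print "no-valid-signature"
        }'
}

# Cryptographically good, but not the key that was pinned.
sample_status | signer_verdict "$PINNED"
```

A plain `gpg --verify` exit status cannot distinguish the first two verdicts once the signer's key is in the local keyring, which is why the fingerprint comparison is done explicitly.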