Hard to find alternate source of checksums

Lee ler762 at gmail.com
Mon Jun 11 16:14:26 CEST 2018


On 6/11/18, NdK   wrote:
> Il 09/06/2018 19:08, Jeff Martin ha scritto:
>> For a fresh install of GnuPG, I was following the integrity check
>> directions. I have no prior version for GnuPG.
> Why not fetch some (unrelated) live distributions, possibly some older
> ones and some newer ones?
>
> GPG is usually included and you can use it to check the signatures.

If you're not trusting the checksums listed on the website you're not
trusting the signing key fingerprints listed on the site either.  So
you still need to find a release announcement on 2 or 3 different
sites to check the signing key fingerprints.  And know enough to make
sure the auto key retrieval function in GPG is turned off in your live
distro

Lee



More information about the Gnupg-users mailing list