Hard to find alternate source of checksums
jmtechwork at gmail.com
Sat Jun 16 19:47:31 CEST 2018
> So you still need to find a release announcement on 2 or 3 different
> sites to check the signing key fingerprints.
You have hit the heart of my problem. I cannot find these 2 or 3 different sites
That is why I came to this mailing list: for hints on how to find
these other sites.
My DDG & Goole searches were not enough.
On Mon, Jun 11, 2018 at 9:14 AM, Lee <ler762 at gmail.com> wrote:
> On 6/11/18, NdK wrote:
>> Il 09/06/2018 19:08, Jeff Martin ha scritto:
>>> For a fresh install of GnuPG, I was following the integrity check
>>> directions. I have no prior version for GnuPG.
>> Why not fetch some (unrelated) live distributions, possibly some older
>> ones and some newer ones?
>> GPG is usually included and you can use it to check the signatures.
> If you're not trusting the checksums listed on the website you're not
> trusting the signing key fingerprints listed on the site either. So
> you still need to find a release announcement on 2 or 3 different
> sites to check the signing key fingerprints. And know enough to make
> sure the auto key retrieval function in GPG is turned off in your live
More information about the Gnupg-users