LinuxQuestions.org

mtdew3q 06-21-2014 02:53 PM

studying keys and verification of sums
 
Hi-

I am studying how to check each step in making sure Ubuntu is safe.

http://askubuntu.com/questions/25372...source-package

In the next link, it is the Clarkson University mirror:

http://mirror.clarkson.edu/ubuntu/dists/precise/

The mirror gives me the Release.gpg file, but I don't see the Packages file to check the shasum against the Release file, e.g. sha256sum Packages

"Of course you'll need to verify the key in some other means (like the Debian/Ubuntu maintainers key, checking it from launchpad, etc, etc...)"

How do I find the Debian/Ubuntu maintainers' key? Is it by lookup on a public keyserver? On Launchpad, they list the key with its fingerprint.

My thoughts were to check and verify the iso files and then go through the process to check the signature in the Release files, do a sum with package, and a sum with a couple of individual package files to make sure everything checked out.

Thanks for any input!

Is the step for verifying individual package files of Debian the same as for Ubuntu packages?

thanks!!

mtdew3q 06-21-2014 05:02 PM

Hi-

I answered one of my own questions. I couldn't find Packages at the Clarkson University mirror. I found it is located in:

http://mirror.clarkson.edu/ubuntu/di...n/binary-i386/

I will still look to see if the maintainers' key is on a website or if it is just located on a public keyserver. Some sites list their keys.

thanks very much,
mtdew3q

metaschima 06-21-2014 05:20 PM

You should run:

Code:

gpg --verify Release.gpg

If it says the key is missing you can search for and import the key id.

Code:

gpg --search 0000000E

or

Code:

gpg --keyserver wwwkeys.pgp.net --recv-keys 0000000E

Replace 0000000E with the key id it asks for when you try to verify it.

mtdew3q 06-21-2014 05:41 PM

Hi- metaschima

I ran gpg --verify Release.gpg Release

Then I searched the key on a keyserver. I then could verify the fingerprint. Is that the way you would check it (against a public keyserver)?

thanks!

mtdew3q 06-21-2014 05:45 PM

Hi- metaschima

very cool. thanks!

Hope you have a cool rest of the weekend :-)

mtdew3q

metaschima 06-21-2014 08:01 PM

Quote:

Originally Posted by mtdew3q (Post 5191821)
Hi- metaschima

I ran gpg --verify Release.gpg Release

Then I searched the key on a keyserver. I then could verify the fingerprint. Is that the way you would check it (against a public keyserver)?

thanks!

gpg retrieves the key from the public keyserver, so it is the key.
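
The next link in the chain discussed in this thread, checking a downloaded Packages file against the SHA256 section of the Release file, as an added example that is not part of any post above. It assumes Release has already passed `gpg --verify Release.gpg Release` and that the files sit in a local directory laid out like the mirror's dists/precise/ tree; the function name `check_release_sum` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): compare one index file with its
# entry in the SHA256 section of an already gpg-verified Release file.
# usage: check_release_sum RELEASE_FILE DISTS_DIR REL_PATH
#   REL_PATH is the path as listed in Release, e.g. main/binary-i386/Packages
# returns: 0 match, 1 mismatch, 2 file missing, 3 path not listed in Release
check_release_sum() {
    release=$1; root=$2; rel=$3
    file="$root/$rel"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Release has header lines in column 0 ("MD5Sum:", "SHA256:", ...) and
    # indented entries " <hash> <size> <path>" under each checksum header.
    # Only entries under "SHA256:" are considered.
    expected=$(awk -v p="$rel" '
        /^SHA256:/ { in_sec = 1; next }
        /^[^ ]/    { in_sec = 0 }
        in_sec && $3 == p { print $1 " " $2; exit }
    ' "$release")
    [ -n "$expected" ] || { echo "not listed in Release: $rel" >&2; return 3; }

    want_hash=${expected% *}
    want_size=${expected#* }
    got_hash=$(sha256sum "$file" | awk '{print $1}')
    got_size=$(wc -c < "$file" | tr -d ' ')

    # Both the size and the hash must agree with the signed Release entry.
    if [ "$got_hash" = "$want_hash" ] && [ "$got_size" = "$want_size" ]; then
        echo "OK $rel"
        return 0
    fi
    echo "MISMATCH $rel (hash or size differs from Release)" >&2
    return 1
}

# Run directly: sh check.sh Release . main/binary-i386/Packages
if [ "$#" -eq 3 ]; then
    check_release_sum "$@"
fi
```

The same comparison applies one level down: each stanza in Packages carries a SHA256 field for its .deb file, which can be checked with sha256sum in the same way.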

