diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2015-06-11 18:51:43 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2015-06-11 18:51:43 -0300 |
commit | 2a51757c2d33ddc8c5eb001177f7530f6116b73d (patch) | |
tree | cebdab8b67d6c2341eab74ff6090b5f217e7e3c5 | |
parent | d1ec220a76a182a3d821928c694bd419d9cdd072 (diff) | |
download | debian-2a51757c2d33ddc8c5eb001177f7530f6116b73d.tar.gz debian-2a51757c2d33ddc8c5eb001177f7530f6116b73d.tar.bz2 |
Checking the source: debian images
-rw-r--r-- | checking.md | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/checking.md b/checking.md index f0a71a8..f99fa1d 100644 --- a/checking.md +++ b/checking.md @@ -1,11 +1,20 @@ Checking the source =================== +Debian Images +------------- + +See [Verifying authenticity of Debian CDs](https://www.debian.org/CD/verify). + +Source packages +--------------- + This is the trick part. In theory, you could run just dscverify *.dsc -Which would check if the signature was made for a key included in the `debian-keyring` package. +Which would check if the signature was made for a key included in the `debian-keyring` package or if you +have a verification path with the signing key. In practice, it should always work for sources you download from the **same** Debian version you're running. But sources you download from newer versions might not work, depending basically if the maintainer's key is @@ -116,4 +125,3 @@ See also: * [Debian Public Key Server](http://keyring.debian.org/). * [apt get - How to get apt-get source verification working? - Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working). * [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283). - |