<![CDATA[HyperForum — Authenticity check issue.]]> 2020-04-22T23:10:20Z PunBB https://forums.hyperbola.info/viewtopic.php?id=360 <![CDATA[Re: Authenticity check issue.]]> Thanks for the insight and I think using keyring.debian.org is quite better because the project itself is more or less independent.

]]> https://forums.hyperbola.info/profile.php?id=347 2020-04-22T23:10:20Z https://forums.hyperbola.info/viewtopic.php?pid=1902#p1902 <![CDATA[Re: Authenticity check issue.]]> Why mit.edu is better than ubuntu.com? It's a key server not a repository server, I think they are all the same, just only have to work. We can use keyring.debian.org too.

The problem for all key server is the possibility to upload images in the gpg profile that it make it possible and easy to attack the server.

gpg --keyserver SERVER-IT-WORKS-TODAY --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
]]> 2020-04-22T14:12:11Z https://forums.hyperbola.info/viewtopic.php?pid=1901#p1901 <![CDATA[Re: Authenticity check issue.]]> Is there no other alternative? Canonical is nothing I would see as "reliable". Same argument for having an independent infrastructure!

]]> https://forums.hyperbola.info/profile.php?id=347 2020-04-22T07:39:59Z https://forums.hyperbola.info/viewtopic.php?pid=1900#p1900 <![CDATA[Authenticity check issue.]]> To verify the authenticity of iso they suggest to download the key using the mit.edu servers, but this server is always busy (or down)

gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

I suggest to change the server in the hyperbola guide, for example, with keyserver.ubuntu.com:

gpg --keyserver keyserver.ubuntu.com --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
]]> 2020-04-22T01:21:06Z https://forums.hyperbola.info/viewtopic.php?pid=1899#p1899