<![CDATA[HyperForum — Authenticity check issue.]]> https://forums.hyperbola.info/viewtopic.php?id=360 Wed, 22 Apr 2020 23:10:20 +0000 PunBB <![CDATA[Re: Authenticity check issue.]]> https://forums.hyperbola.info/viewtopic.php?pid=1902#p1902 Thanks for the insight and I think using keyring.debian.org is quite better because the project itself is more or less independent.

]]> Wed, 22 Apr 2020 23:10:20 +0000 https://forums.hyperbola.info/viewtopic.php?pid=1902#p1902 <![CDATA[Re: Authenticity check issue.]]> https://forums.hyperbola.info/viewtopic.php?pid=1901#p1901 Why mit.edu is better than ubuntu.com? It's a key server not a repository server, I think they are all the same, just only have to work. We can use keyring.debian.org too.

The problem for all key server is the possibility to upload images in the gpg profile that it make it possible and easy to attack the server.

gpg --keyserver SERVER-IT-WORKS-TODAY --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
]]> Wed, 22 Apr 2020 14:12:11 +0000 https://forums.hyperbola.info/viewtopic.php?pid=1901#p1901 <![CDATA[Re: Authenticity check issue.]]> https://forums.hyperbola.info/viewtopic.php?pid=1900#p1900 Is there no other alternative? Canonical is nothing I would see as "reliable". Same argument for having an independent infrastructure!

]]> Wed, 22 Apr 2020 07:39:59 +0000 https://forums.hyperbola.info/viewtopic.php?pid=1900#p1900 <![CDATA[Authenticity check issue.]]> https://forums.hyperbola.info/viewtopic.php?pid=1899#p1899 To verify the authenticity of iso they suggest to download the key using the mit.edu servers, but this server is always busy (or down)

gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

I suggest to change the server in the hyperbola guide, for example, with keyserver.ubuntu.com:

gpg --keyserver keyserver.ubuntu.com --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
]]> Wed, 22 Apr 2020 01:21:06 +0000 https://forums.hyperbola.info/viewtopic.php?pid=1899#p1899