1 (edited by gnu 2020-04-22 01:22:24)

Topic: Authenticity check issue.

To verify the authenticity of iso they suggest to download the key using the mit.edu servers, but this server is always busy (or down)

gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

I suggest to change the server in the hyperbola guide, for example, with keyserver.ubuntu.com:

gpg --keyserver keyserver.ubuntu.com --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

2

Re: Authenticity check issue.

Is there no other alternative? Canonical is nothing I would see as "reliable". Same argument for having an independent infrastructure!

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

3

Re: Authenticity check issue.

Why mit.edu is better than ubuntu.com? It's a key server not a repository server, I think they are all the same, just only have to work. We can use keyring.debian.org too.

The problem for all key server is the possibility to upload images in the gpg profile that it make it possible and easy to attack the server.

gpg --keyserver SERVER-IT-WORKS-TODAY --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"

4

Re: Authenticity check issue.

Thanks for the insight and I think using keyring.debian.org is quite better because the project itself is more or less independent.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!