Dear all, I was downloading the netimage of bookworm, the signing key(s) and sha sums when I noticed that my timestamp of the signature [0] differs from the one on the website. [1] Is this a security issue or just a website not updated?
Kind regards Julian -- [0] : $ LC_ALL=C gpg --verify-files SHA512SUMS.sign gpg: assuming signed data in 'SHA512SUMS' gpg: Signature made Sat Jun 10 15:58:35 2023 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B [1] : https://www.debian.org/CD/verify, e. g. 2011-01-05 [SC]
