I found three posts on this back in January, http://lists.debian.org/debian-user/2011/01/msg01775.html
but the documentation still says nothing about why the "CD signing key" should be different from the archive key and why the CD signing key was never announced, etc. I did go to the trouble of pulling the signatures and checksums off of three different more-or-less randomly chosen mirrors, to check they were the same, but I'd still feel a little more comfortable taking my first spin with Debian if there were more evidence that the key that the CDs are being signed with is officially claimed by the project. Okay, I did a gpg --recv-keys on the key 6294BE9B from keyring.debian.org , and tried gpg --verify on the downloaded netinst image, and got the bad signature message. (I think I got the syntax right.) So, what gives, here? Anybody care to give me a clue? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikdy7j1bbnyxbkre9ovpewixo4tej19tfnqn...@mail.gmail.com