[sf-lug] check release signatures

aaronco36 aaronco36 at SDF.ORG
Tue Apr 27 09:41:28 PDT 2021

Quoting Ken Shaffer <kenshaffer80 at gmail.com> from [1]:
> Here's the Ubuntu howto, pretty much the same steps for the others.
> https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview
> Ken

Here's another enthusiastic vote for that helpful link [2] on performing
checks on ISO release signatures :-)

Because ....
+ it's much better organized and straightforward (IMHO) than the more 
ranty and longer "flat" sig-checking process descriptions within [3]-[6]
+ one can actually understand all/most steps in [2] involved with 
effectively performing a gpg sig-check, this as opposed to (as a trivial 
example directly quoting from [5]):
~~~~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~
# Source:
# http://mirror.math.princeton.edu/pub/mxlinux-iso/MX/Final/MX-18.1/

$ mv mx-linux-18.1-i386.sha256.original MX-18.1_386.iso.sig
$ ln -s mx-linux-18.1-i386.iso MX-18.1_386.iso

Could very well be just this user alone, but haven't yet myself figured 
out just _Why_, in the 'mv' statement of [5], that "original" .sha256 
checksum file would somehow need to be completely renamed/converted all 
the way to an .iso.sig file?



aaronco36 at sdf.org
