[solved] sha256 information from debian servers?

If none of the more specific forums is the right place to ask
Post Reply
Message
Author
nemesis77swe
Posts: 2
Joined: 2021-08-01 08:40

[solved] sha256 information from debian servers?

#1 Post by nemesis77swe »

hi all.

I don't know if this is the place for this, but I'm gonna give it a try.

if I'm downloading some tar archives from a debian server (http://cdn-fastly.deb.debian.org/debian ... ian.tar.xz)

HOW can I find a secure way to verify that archive?
I can't trust? the sha256 information in a file from the same site, (since it's http, and if the archive has been altered, so could also the .dsc file)

Especially when I get this result;

Code: Select all

root@socks:~# dpkg-source -x squid_4.13-10.dsc                                            gpgv: Signature made Fri May 28 12:12:52 2021 UTC
gpgv:                using RSA key 06A3E5760F611B4BB1A90E68B8688CA3D876D5A3
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./squid_4.13-10.dsc

Is there somewhere an official list?
Last edited by nemesis77swe on 2021-08-01 13:11, edited 1 time in total.

nemesis77swe
Posts: 2
Joined: 2021-08-01 08:40

Re: sha256 information from debian servers?

#2 Post by nemesis77swe »

I found another source:

https://launchpad.net/debian/+source/squid/4.13-10
Where they list the sha's on the page.

Post Reply