R3.2_rc3.iso Corrupt Download?
56 views
Skip to first unread message
amadaus
Sep 16, 2016, 7:41:55 AM9/16/16
to qubes...@googlegroups.com
I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
signatures received the following output:
[user@rubbish ~]$ gpg -v --verify
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
03FA5082
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub 4096R/03FA5082 2014-11-19
uid Qubes OS Release 3 Signing Key
sig 36879494 2014-11-19 Qubes Master Signing Key
sig 3 E2986940 2016-01-04 [User ID not found]
sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
As you can see signature E2986940 is unknown. I imported this key, it
belongs to "Kabine Diane <kab...@me.com>"
This seems very suspicious. Should I delete the iso and try a fresh
download?
signatures received the following output:
[user@rubbish ~]$ gpg -v --verify
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
03FA5082
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub 4096R/03FA5082 2014-11-19
uid Qubes OS Release 3 Signing Key
sig 36879494 2014-11-19 Qubes Master Signing Key
sig 3 E2986940 2016-01-04 [User ID not found]
sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
As you can see signature E2986940 is unknown. I imported this key, it
belongs to "Kabine Diane <kab...@me.com>"
This seems very suspicious. Should I delete the iso and try a fresh
download?
Konstantin Ryabitsev
Sep 16, 2016, 8:18:53 AM9/16/16
to amadaus, qubes...@googlegroups.com
of an unknown signature on a key doesn't invalidate it in any way. As
long as there is a signature you do trust (DDFA1A3E36879494), the key is
valid.
Regards,
--
Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec
Andrew David Wong
Sep 16, 2016, 4:37:58 PM9/16/16
to amadaus, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Answered previously here:
https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX3FgVAAoJENtN07w5UDAw+68P/jaZow1G0++1jsdUPmw6rk1P
kRXmRSP47Z+6vcM2dajmHUbtg2EIwxHzkNsogUjXoT3y7WZKa5xw7/8YNMge9wY8
DF2XaEkkQ/gAOTqdPgHlP70URia3UPZhiaF+Pr8cR9FY4VrI7aK9ee02hNgGB0MM
ywhSlO1pTliP9SrkdgVRy/rZA6x6f7Xrdte1s5aA0TdX7kIXpij+ZtYpuMFxbeKa
L1ISrsjH2xc0dtB/5sjZnOy98PbDKpo7Lvz6gWclmtaYTgH7C3sPtJDmfHxqmbBd
xegVvI03UNidTnDqfZpjRL060t1nA/VSgBguxrukRwW3/kJ2W5TD0arl2qFe+ZZd
JqYgI32SoEXjRrilE2nBIEzTsFICfLZDDzeTPdhmwIQ3SKdZWY0/0TBbfeHW5QW0
yyl4lagt2zJ9ZFXLGnN+pUoUA3weGRinfLo7fyzZIEtnHeqdKylnJSIkfbI5UEbS
zp3NsRuCfvvn9Dm2oqBySOEFUEOInfy4AtacYdxQIPmgXvx7GZXb4+xsQI4bHNyH
f75WOIMlR+ZOPfRd0mHjh/VF5PZPA8a2SfF28zGEFnOpwjzYYPGAU0J5FcozffHJ
3AabXA+k3vrHQxwUbASLzfdu3yCRODdU7s2odWZPi7KoHJScKRTjTSFxXO6Swy0s
qxhJLZYYs4X1390BN5yN
=y88c
-----END PGP SIGNATURE-----
Hash: SHA512
https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX3FgVAAoJENtN07w5UDAw+68P/jaZow1G0++1jsdUPmw6rk1P
kRXmRSP47Z+6vcM2dajmHUbtg2EIwxHzkNsogUjXoT3y7WZKa5xw7/8YNMge9wY8
DF2XaEkkQ/gAOTqdPgHlP70URia3UPZhiaF+Pr8cR9FY4VrI7aK9ee02hNgGB0MM
ywhSlO1pTliP9SrkdgVRy/rZA6x6f7Xrdte1s5aA0TdX7kIXpij+ZtYpuMFxbeKa
L1ISrsjH2xc0dtB/5sjZnOy98PbDKpo7Lvz6gWclmtaYTgH7C3sPtJDmfHxqmbBd
xegVvI03UNidTnDqfZpjRL060t1nA/VSgBguxrukRwW3/kJ2W5TD0arl2qFe+ZZd
JqYgI32SoEXjRrilE2nBIEzTsFICfLZDDzeTPdhmwIQ3SKdZWY0/0TBbfeHW5QW0
yyl4lagt2zJ9ZFXLGnN+pUoUA3weGRinfLo7fyzZIEtnHeqdKylnJSIkfbI5UEbS
zp3NsRuCfvvn9Dm2oqBySOEFUEOInfy4AtacYdxQIPmgXvx7GZXb4+xsQI4bHNyH
f75WOIMlR+ZOPfRd0mHjh/VF5PZPA8a2SfF28zGEFnOpwjzYYPGAU0J5FcozffHJ
3AabXA+k3vrHQxwUbASLzfdu3yCRODdU7s2odWZPi7KoHJScKRTjTSFxXO6Swy0s
qxhJLZYYs4X1390BN5yN
=y88c
-----END PGP SIGNATURE-----
amadaus
Sep 17, 2016, 10:27:53 AM9/17/16
to qubes...@googlegroups.com
Andrew David Wong:
thoroughly before posting
>
> On 2016-09-16 04:41, amadaus wrote:
>> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
>> signatures received the following output:
>> [user@rubbish ~]$ gpg -v --verify
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
>> gpg: armor header: Version: GnuPG v2
>> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
>> 03FA5082
>> gpg: using PGP trust model
>> gpg: Good signature from "Qubes OS Release 3 Signing Key"
>> gpg: binary signature, digest algorithm SHA256
>> [user@rubbish ~]$ gpg --list-sig 03FA5082
>> pub 4096R/03FA5082 2014-11-19
>> uid Qubes OS Release 3 Signing Key
>> sig 36879494 2014-11-19 Qubes Master Signing Key
>> sig 3 E2986940 2016-01-04 [User ID not found]
>> sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
>
>> As you can see signature E2986940 is unknown. I imported this key, it
>> belongs to "Kabine Diane <kab...@me.com>"
>> This seems very suspicious. Should I delete the iso and try a fresh
>> download?
>
>
> Answered previously here:
>
> https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
>
Sorry to waste your time. I should've researched the issue more
>> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
>> signatures received the following output:
>> [user@rubbish ~]$ gpg -v --verify
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
>> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
>> gpg: armor header: Version: GnuPG v2
>> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
>> 03FA5082
>> gpg: using PGP trust model
>> gpg: Good signature from "Qubes OS Release 3 Signing Key"
>> gpg: binary signature, digest algorithm SHA256
>> [user@rubbish ~]$ gpg --list-sig 03FA5082
>> pub 4096R/03FA5082 2014-11-19
>> uid Qubes OS Release 3 Signing Key
>> sig 36879494 2014-11-19 Qubes Master Signing Key
>> sig 3 E2986940 2016-01-04 [User ID not found]
>> sig 3 03FA5082 2014-11-19 Qubes OS Release 3 Signing Key
>
>> As you can see signature E2986940 is unknown. I imported this key, it
>> belongs to "Kabine Diane <kab...@me.com>"
>> This seems very suspicious. Should I delete the iso and try a fresh
>> download?
>
>
> Answered previously here:
>
> https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ
>
thoroughly before posting
>
Reply all
Reply to author
Forward
0 new messages