Dear all,
I was downloading the netimage of bookworm, the signing key(s) and sha sums when I noticed that my timestamp of the signature [0] differs from the one on the website. [1]
Is this a security issue or just a website not updated?
Kind regards
Julian
--
[0] :
$ LC_ALL=C gpg --verify-files SHA512SUMS.sign
gpg: assuming signed data in 'SHA512SUMS'
gpg: Signature made Sat Jun 10 15:58:35 2023 CEST
gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key <
debi...@lists.debian.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
[1] :
https://www.debian.org/CD/verify, e. g. 2011-01-05 [SC]