[Mageia-discuss] Where is the public key located?

Romain d'Alverny rdalverny at gmail.com
Tue Aug 28 19:39:45 CEST 2012


On Tue, Aug 28, 2012 at 6:53 PM, Johnny A. Solbu <cooker at solbu.net> wrote:
> On Monday 27 August 2012 15:55, Alejandro López wrote:
>> Maybe it could be worth downloading a single compressed file containing the
>> ISO image, the checksums and the signatures.
>
> Then how do you verify the compressed archive contaning the iso with signature and checksums? You need another signature file and checksum files to check the archive, thus defeating the purpose.

You don't have to sign this again:
 - you check the checksums against the iso file,
 - you check the signatures of checksums are correct and match the
right key (here Mageia's public key),
 - and you're done.

If someone tampers with the ISO and/or checksums, the signature check will fail.


More information about the Mageia-discuss mailing list