hi,
i get big warnings here trying to download grml:
[cid:b45268ec-1a7a-45db-8b2d-77d2b3c7bbe2] (something like "dont download this file: possible security risk" )
cause its provided without encryption.
Could you please provide https links (at least for the signature file if it is impossible for the iso)
thanks in advance
i tried to verify stuff but i am not sure if i did it in anyway right and am more confused then before
$ gpg grml64-full_2024.02.iso.asc gpg: directory '/home/owner/.gnupg' created gpg: keybox '/home/owner/.gnupg/pubring.kbx' created gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: assuming signed data in 'grml64-full_2024.02.iso'
gpg: Signature made Tue 27 Feb 2024 12:03:13 PM CET gpg: using RSA key 33CCB136401AFEC843A3876396A87872B7EA3737 gpg: Can't check signature: No public key owner@PC-G2H367S:~/Owner.win/Downloads$ gpg --keyid-format long --keyserver hkps://keys.openpgp.org --recv-keys 0x96A87872B7EA3737 gpg: /home/owner/.gnupg/trustdb.gpg: trustdb created gpg: key 96A87872B7EA3737: public key "Michael Prokop mail@michael-prokop.at" imported gpg: Total number processed: 1 gpg: imported: 1 owner@PC-G2H367S:~/Owner.win/Downloads$ sudo apt install gpg Reading package lists... Done Building dependency tree... Done Reading state information... Done gpg is already the newest version (2.2.40-1.1). 0 upgraded, 0 newly installed, 0 to remove and 16 not upgraded. owner@PC-G2H367S:~/Owner.win/Downloads$ gpg grml64-full_2024.02.iso.asc gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: assuming signed data in 'grml64-full_2024.02.iso' gpg: Signature made Tue 27 Feb 2024 12:03:13 PM CET gpg: using RSA key 33CCB136401AFEC843A3876396A87872B7EA3737 gpg: Good signature from "Michael Prokop mail@michael-prokop.at" [unknown] gpg: aka "Michael Prokop michael.prokop@synpro.solutions" [unknown] gpg: aka "Michael Prokop mika@debian.org" [unknown] gpg: aka "Michael Prokop mika@grml.org" [unknown] gpg: aka "Michael Prokop prokop@grml-solutions.com" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 33CC B136 401A FEC8 43A3 8763 96A8 7872 B7EA 3737 owner@PC-G2H367S:~/Owner.win/Downloads$
regards
TN