hi,
i get big warnings here trying to download grml:
(something like "dont download this file: possible security risk" )
cause its provided without encryption.
Could you please provide https links (at least for the signature file if it is impossible for the iso)
thanks in advance
i tried to verify stuff but i am not sure if i did it in anyway right and am more confused then before
$ gpg grml64-full_2024.02.iso.asc
gpg: directory '/home/owner/.gnupg' created
gpg: keybox '/home/owner/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'grml64-full_2024.02.iso'
gpg: Signature made Tue 27 Feb 2024 12:03:13 PM CET
gpg: using RSA key 33CCB136401AFEC843A3876396A87872B7EA3737
gpg: Can't check signature: No public key
owner@PC-G2H367S:~/Owner.win/Downloads$ gpg --keyid-format long --keyserver hkps://keys.openpgp.org --recv-keys 0x96A87872B7EA3737
gpg: /home/owner/.gnupg/trustdb.gpg: trustdb created
gpg: key 96A87872B7EA3737: public key "Michael Prokop <mail@michael-prokop.at>" imported
gpg: Total number processed: 1
gpg: imported: 1
owner@PC-G2H367S:~/Owner.win/Downloads$ sudo apt install gpg
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gpg is already the newest version (2.2.40-1.1).
0 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
owner@PC-G2H367S:~/Owner.win/Downloads$ gpg grml64-full_2024.02.iso.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'grml64-full_2024.02.iso'
gpg: Signature made Tue 27 Feb 2024 12:03:13 PM CET
gpg: using RSA key 33CCB136401AFEC843A3876396A87872B7EA3737
gpg: Good signature from "Michael Prokop <mail@michael-prokop.at>" [unknown]
gpg: aka "Michael Prokop <michael.prokop@synpro.solutions>" [unknown]
gpg: aka "Michael Prokop <mika@debian.org>" [unknown]
gpg: aka "Michael Prokop <mika@grml.org>" [unknown]
gpg: aka "Michael Prokop <prokop@grml-solutions.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 33CC B136 401A FEC8 43A3 8763 96A8 7872 B7EA 3737
owner@PC-G2H367S:~/Owner.win/Downloads$
regards
TN