Hi,
On Tue, Nov 18, 2014 at 10:18:39PM +0100, Christoph Biedl wrote:
Some feedback: Since I'm just slightly paranoid and as suggested at http://grml.org/download/, I verified the downloaded grml image to find the signing key has changed:
$ gpgv grml96-full_2014.11.iso.sha1.asc gpgv: Signature made Sat Nov 15 11:28:24 2014 CET using RSA key ID B7EA3737 gpgv: Good signature from "Michael Prokop mail@michael-prokop.at"
[...]
$ gpgv grml96-full_2014.03.iso.sha1.asc gpgv: Signature made Sun Mar 30 15:33:34 2014 CEST using DSA key ID 37E272E8 gpgv: Good signature from "Michael Prokop (Web: www.michael-prokop.at) mail@michael-prokop.at"
Looking at ...
→ gpg --list-keys 37E272E8 B7EA3737 gpg: please do a --check-trustdb pub 1024D/37E272E8 2002-01-24 uid Michael Prokop (Web: www.michael-prokop.at) mail@michael-prokop.at uid Michael Prokop mika@grml.org uid Michael Prokop mika@debian.org sub 1024g/5FC889E9 2002-01-24
pub 4096R/B7EA3737 2010-07-14 [expires: 2020-10-06] uid Michael Prokop mail@michael-prokop.at uid Michael Prokop mika@grml.org uid Michael Prokop mika@debian.org uid Michael Prokop prokop@grml-solutions.com uid Michael Prokop michael.prokop@synpro.solutions sub 4096R/2892CF7E 2010-07-14
... I suspect that this has made Mika to change his default signing key:
https://lists.debian.org/debian-devel-announce/2014/11/msg00004.html
Kind regards, Axel