
Verifying the iso image
Closed, Resolved | Public

Description

The download page provides a GPG Signature file for the iso. However, I have not been able to find the key used for signing anywhere. The User Guide and other documentation also do not provide any information or guidance on verifying the iso for non-torrent downloads. Even though such verification might be confusing for new users, I really think verifying through PGP should be strongly recommended, keys easily findable on major keyservers, and proper terminal commands provided in the right places in the documentation.

Particular key:

gpg: Signature made zo 01 jan 2017 23:12:37 EET using RSA key ID 15C1205F
gpg: requesting key 15C1205F from hkp server keys.gnupg.net
gpgkeys: key 78E2387015C1205F not found on keyserver
gpg: no valid OpenPGP data found.

Event Timeline

anaknaga created this task. Jan 2 2017, 2:21 PM

However, I have not been able to find the key used for signing anywhere.

Yea I'll ping @ikey about having the public key somewhere.

The User Guide and other documentation also do not provide any information or guidance on verifying the iso for non-torrent downloads.

I only added it so those with existing technical abilities and know-how can verify it. Aside from that, the User Guide is currently dead and the wiki is being replaced by a Help Center.

I found a reference to the Solus PGP key in this reddit post: https://www.reddit.com/r/SolusProject/comments/5id8kg/how_solus_team_provides_security_of_their_distro/db7v3gd/

However, the link quoted by @ikey seems to be dead at this time (https://archive.solus-project.com/solus.gpg).

Also, I think this is a duplicate of https://dev.solus-project.com/T1954

@anaknaga No, it isn't a dup.

So, the GPG key is clearly there, I'll see about linking it on the site.

JoshStrobl closed this task as Resolved. Jan 3 2017, 9:59 PM
JoshStrobl claimed this task.

Resolved in latest site deployment.
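
Added example (not part of the original task and not Solus project code): a shell check that reads gpg's `--status-fd` output and separates "signature valid and made by the expected key" from the missing-key failure shown in the task description. The function names, the `verify_iso` wrapper and the sample status lines are assumptions; the sample fingerprint is the page's long key ID padded with zeros as a placeholder.

```sh
#!/bin/sh
# Long key ID from the gpg output quoted in the task. Pin the full 40-hex
# fingerprint once it is published; 64-bit key IDs are not collision-proof.
EXPECTED_KEYID="78E2387015C1205F"

# Constructed sample status lines (fingerprint is a zero-padded placeholder).
SAMPLE_GOOD='[GNUPG:] GOODSIG 78E2387015C1205F Constructed Signer
[GNUPG:] VALIDSIG 00000000000000000000000078E2387015C1205F 2017-01-01 1483305157 0 4 0 1 8 00 00000000000000000000000078E2387015C1205F'
SAMPLE_NOKEY='[GNUPG:] ERRSIG 78E2387015C1205F 1 8 00 1483305157 9
[GNUPG:] NO_PUBKEY 78E2387015C1205F'

# classify_status STATUS_TEXT EXPECTED_KEYID
# Prints one of: ok, wrong-key, missing-key, bad-signature
classify_status() {
    status=$1
    want=$2
    # VALIDSIG appears only for a cryptographically valid signature; its
    # first argument is the fingerprint of the key that made the signature.
    fpr=$(printf '%s\n' "$status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }')
    if [ -n "$fpr" ]; then
        case $fpr in
            *"$want") echo ok ;;
            *) echo wrong-key ;;   # valid signature, but from another key
        esac
        return 0
    fi
    # No VALIDSIG: tell "public key not in keyring" apart from other failures.
    if printf '%s\n' "$status" | grep -q '^\[GNUPG:\] NO_PUBKEY '; then
        echo missing-key
    else
        echo bad-signature
    fi
}

# verify_iso ISO_FILE SIG_FILE (hypothetical wrapper around a real gpg run).
# Assumes the signing key was imported beforehand from a trusted source.
verify_iso() {
    out=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    classify_status "$out" "$EXPECTED_KEYID"
}

# Demo on the constructed samples.
classify_status "$SAMPLE_GOOD" "$EXPECTED_KEYID"
classify_status "$SAMPLE_NOKEY" "$EXPECTED_KEYID"
```

A result other than `ok` means the ISO should not be trusted yet; `missing-key` corresponds to the "not found on keyserver" situation reported above.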