Installation media signatures?
contact at evilham.com
Sat Aug 22 10:11:43 UTC 2020
On dv., ag. 21 2020, 6E7368 via freebsd-questions wrote:
> I was about to flash the rpi3 12.1-RELEASE img to an SD card,
> but I couldn't find any signatures to verify it against. Am I
> missing something, or are users supposed to install unverified
> images? Checksums without a signature are not an assurance
> against tampering.
> I didn't find what I was looking for in the handbook or with
> Google, and I thought I'd ask here instead of bugging the
> security mailing list.
Hey, the web announcement has a URL to its signed counterpart:
Since the announcement has all the checksums, you'd have to verify
the announcement's signature, then the file's checksum against it.
The Handbook has more info about the project's PGP keys:
More information about the freebsd-questions