by mocko
3487 days ago
For reference II - downloaded the .iso. Despite a usually robust connection the download was interrupted three times. I have no idea whether this signifies anything. Curl resumed where it left off and in the end...

Qubes-R3.2-x86_64 moi$ gpg --verify Qubes-R3.2-x86_64.iso.asc Qubes-R3.2-x86_64.iso_WEBDL
gpg: Signature made Tue Sep 20 18:33:37 2016 BST using RSA key ID 03FA5082
gpg: Good signature from "Qubes OS Release 3 Signing Key" [full]

Of course (skipping merrily off into tinfoil-hat-land) that doesn't eliminate the possibility that the OP's download had been MITM-ed. However this would have to be by someone who:

1) Controls part of the network infrastructure between them and mirrors.kernel.org (i.e. routers, cables or DNS)
2) Can fake a TLS certificate for mirrors.kernel.org

So, corrupted download or a targeted MITM attack by a state-level actor? Who the hell knows anymore.