View Issue Details

IDProjectCategoryView StatusLast Update
0006015Kali Linux[All Projects] Kali Websites & Docspublic2020-01-20 21:36
Reporterd5h Assigned Tog0tmi1k  
PrioritynormalSeveritytweakReproducibilityalways
Status assignedResolutionopen 
Product Version2019.4 
Target VersionFixed in Version 
Summary0006015: Download page suggests installing GPG key with partial fingerprint, which results in conflict
DescriptionOn the Kali download page (https://www.kali.org/downloads/), it's recommended to run `gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6` to install Kali's GPG key. The problem is that there's another key that matches this fingerprint, so the command results in two keys being imported:

$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported
gpg: key 0C70FD6B7D8D0BF6: public key "Totally Legit Signing Key <mallory@example.org>" imported
gpg: Total number processed: 2
gpg: imported: 2

At the very least this seems unintentional and most users probably don't want an unrelated key imported. It should be a trivial fix to update the website to use the full key, so figured I'd report it. :)

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-01-20 19:16 d5h New Issue
2020-01-20 21:36 rhertzog Assigned To => g0tmi1k
2020-01-20 21:36 rhertzog Status new => assigned