View Issue Details

IDProjectCategoryView StatusLast Update
0006015Kali LinuxKali Websites & Docspublic2020-02-27 16:57
Reporterd5h Assigned Tog0tmi1k  
PrioritynormalSeveritytweakReproducibilityalways
Status resolvedResolutionfixed 
Product Version2019.4 
Summary0006015: Download page suggests installing GPG key with partial fingerprint, which results in conflict
Description

On the Kali download page (https://www.kali.org/downloads/), it's recommended to run gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 to install Kali's GPG key. The problem is that there's another key that matches this fingerprint, so the command results in two keys being imported:

$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <[email protected]>" imported
gpg: key 0C70FD6B7D8D0BF6: public key "Totally Legit Signing Key <[email protected]>" imported
gpg: Total number processed: 2
gpg: imported: 2

At the very least this seems unintentional and most users probably don't want an unrelated key imported. It should be a trivial fix to update the website to use the full key, so figured I'd report it. :)

Activities

g0tmi1k

g0tmi1k

2020-02-27 16:57

administrator   ~0012366

Thanks for the report

Issue History

Date Modified Username Field Change
2020-01-20 19:16 d5h New Issue
2020-01-20 21:36 rhertzog Assigned To => g0tmi1k
2020-01-20 21:36 rhertzog Status new => assigned
2020-02-27 16:57 g0tmi1k Status assigned => resolved
2020-02-27 16:57 g0tmi1k Resolution open => fixed
2020-02-27 16:57 g0tmi1k Note Added: 0012366