0006015: Download page suggests installing GPG key with partial fingerprint, which results in conflict

ID	Project	Category	View Status	Date Submitted	Last Update

0006015	Kali Linux	Kali Websites & Docs	public	2020-01-20 19:16	2020-02-27 16:57

Reporter	d5h	Assigned To	g0tmi1k
Priority	normal	Severity	tweak	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	2019.4

Summary	0006015: Download page suggests installing GPG key with partial fingerprint, which results in conflict
Description	On the Kali download page (https://www.kali.org/downloads/), it's recommended to run `gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6` to install Kali's GPG key. The problem is that there's another key that matches this fingerprint, so the command results in two keys being imported: $ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <[email protected]>" imported gpg: key 0C70FD6B7D8D0BF6: public key "Totally Legit Signing Key <[email protected]>" imported gpg: Total number processed: 2 gpg: imported: 2 At the very least this seems unintentional and most users probably don't want an unrelated key imported. It should be a trivial fix to update the website to use the full key, so figured I'd report it. :)

Date Modified	Username	Field	Change
2020-01-20 19:16	d5h	New Issue
2020-01-20 21:36	rhertzog	Assigned To	=> g0tmi1k
2020-01-20 21:36	rhertzog	Status	new => assigned
2020-02-27 16:57	g0tmi1k	Status	assigned => resolved
2020-02-27 16:57	g0tmi1k	Resolution	open => fixed
2020-02-27 16:57	g0tmi1k	Note Added: 0012366

g0tmi1k 2020-02-27 16:57 administrator ~0012366	Thanks for the report