Hi,
I'm back to FreeBSD after (too) many years, and may have missed something, please bear with me.
My question is: how may I verify (origin, integrity) a published file?
Case in point: I want to install FreeBSD 11.1. The announce points towards (https://www.freebsd.org/releases/11.1R/announce.html#availability) a set of PGP-signed files ( https://www.freebsd.org/releases/11.1R/signatures.html ), I downloaded https://www.freebsd.org/releases/11.1R/CHECKSUM.SHA512-FreeBSD-11.1-RELEASE-amd64-vm.asc, which is signed by 8D12403C2E6CAB086CF64DA3031458A5478FE293, but I cannot find the public key.
The long and short (478FE293) key IDs aren't on keyservers, nor in "The OpenPGP keys of the FreeBSD.org officers" ( https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html ). According to informations posted in a thread dating 2014 ( https://lists.freebsd.org/pipermail/freebsd-stable/2014-September/080271.html ) this key was used to sign BETA-status files(?!)
My subquestion is: where may I obtain the 8D12403C2E6CAB086CF64DA3031458A5478FE293 public key?
Thank you!
I'm back to FreeBSD after (too) many years, and may have missed something, please bear with me.
My question is: how may I verify (origin, integrity) a published file?
Case in point: I want to install FreeBSD 11.1. The announce points towards (https://www.freebsd.org/releases/11.1R/announce.html#availability) a set of PGP-signed files ( https://www.freebsd.org/releases/11.1R/signatures.html ), I downloaded https://www.freebsd.org/releases/11.1R/CHECKSUM.SHA512-FreeBSD-11.1-RELEASE-amd64-vm.asc, which is signed by 8D12403C2E6CAB086CF64DA3031458A5478FE293, but I cannot find the public key.
The long and short (478FE293) key IDs aren't on keyservers, nor in "The OpenPGP keys of the FreeBSD.org officers" ( https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html ). According to informations posted in a thread dating 2014 ( https://lists.freebsd.org/pipermail/freebsd-stable/2014-September/080271.html ) this key was used to sign BETA-status files(?!)
My subquestion is: where may I obtain the 8D12403C2E6CAB086CF64DA3031458A5478FE293 public key?
Thank you!