[pve-devel] Release Signatures

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Dec 6 09:22:35 CET 2021

On December 5, 2021 6:42 pm, Sid Spry wrote:
> Are checksums and release signatures available for install media?


checksum via TLS:


(applies to other products/versions as well)

checksum + signature:


signing key == repository key[1,2,3]

1: checksum via TLS https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye#Adapt_your_sources.list
2: keys via TLS https://git.proxmox.com/?p=proxmox-archive-keyring.git;a=tree;f=debian;h=d3538cb8ad0753a45ded226c56e1ac0323a83588;hb=HEAD
3: or installed on any current PVE/PMG/PBS system via 
`proxmox-archive-keyring` ;)

> What about code signing on repos?

no, there is no signing of git commits/.. . our consumable artifacts for 
users are deb packages, which are chained to the repo signing key as 
trust anchor.

More information about the pve-devel mailing list