Hi, just a question because someone had asked me for help. The problem was that apt-get update had complained about not being able to verify signatures due to a missing PGP key.
Was easy to tell to do

    gpg --recv-key A70DAF536070D3A1
    gpg -a --export A70DAF536070D3A1 | sudo apt-key add -

but: How would one verify that this key is the correct Debian key (and not, e.g., the key used by an intruder to fake packages and simply uploaded to public key repositories)?

    gpg --check-sigs A70DAF536070D3A1

lists some signatures of several people, but none that I personally know, I don't even know whether these people actually exist.

So what's the official way to verify Debian archives?

regards
Hadmut

