On Thu, Aug 21, 2003 at 03:21:37PM -0400, Colin Walters wrote: > On Thu, 2003-08-21 at 14:37, Anthony Towns wrote: > > > So, why don't we just give them a script? > > In other words: why don't we make everyone use only secure sources? > > Maybe if this functionality was added to apt-ftparchive or something, I > would be OK with it. Even then though it's going to be a pain for a lot > of people to change all their apt source generating scripts, and for all > the users of these various archives to add the keys to their > trusted.gpg.
apt-ftparchive would definitely be the place for it. Key management is, of course, the bane of all cryptosystems, but I think that with a few simple tools it could become relatively painless. A single command could download the key and import it into the keyring. -- - mdz
