Hi Steffen! On Fri, 27 Feb 2009 14:40:41 +0100, Steffen Moeller wrote: > Joachim Breitner wrote: > [...] >> He first changed every occurance of --yes with --yes --force-yes, and >> changed every occurance of that back to --yes (configurable with a >> variable). This included this change: >> >> - chroot $INST_DIR apt-get --yes --force-yes install pkg-fso-keyring >> + chroot $INST_DIR apt-get $APT_OPTIONS install pkg-fso-keyring >> >> but in this case, the --force-yes was there originally and for a reason. > > Right. And I am sorry for this. > When we have that pkg-fso-keyring package signed by a Debian developer, the > --force-yes > could go, right?
IIRC, the problme is not the pkg-fso-keyring package being signed or not
by a Debian Developer [1], but the fact that the package comes from a
repository which is not signed by a GPG key present in the apt-key
keyring.
[1] a package cannot be signed, but only the .changes/.dsc files
(signature needed to upload the package) or the Release file from
the repository (signature needed for apt-secure)
The only solution to this problem would be to upload the pkg-fso-keyring
package to Debian main, which is a situation shared by other
"unofficial" repository and IIRC it was discussed a not so long time ago
on debian-de...@.
I do not consider "polluting" the Debian archive with "unofficial"
keyrings a good solution: either the packages are uploaded to Debian
(and thus you do not need external repositories) or they are not
suitable for Debian (in which case you should be aware of what you are
doing, thus you need to manually install the specific -keyring package
or the GPG public key with apt-key).
Thx, bye,
Gismo / Luca
pgp3kxjBuMW1Z.pgp
Description: PGP signature
_______________________________________________ pkg-fso-maint mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-fso-maint
