On Wed, Nov 22, 2006 at 07:22:35AM +0100, Andreas Tille wrote:
> But Hendrik Sattler is perfectly right and this knowledge has to be stored
> at prominant places like:
>
>a) installation manual
>b) apt-key.8
>c) perhaps somewhere else
It is already at the "Securing Debian Manual", see
gs A70DAF536070D3A1 instead.
>
> Very useful:
>
> ([EMAIL PROTECTED])~$gpg --check-sigs A70DAF536070D3A1
> pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
> uid Debian Archive Automatic Signing Key (4.0/etch) <[EMAIL
> PROTECTED]>
> sig!3
11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch) <[EMAIL
PROTECTED]>
sig!36070D3A1 2006-11-20 Debian Archive Automatic Signing Key
(4.0/etch) <[EMAIL PROTECTED]>
2 signatures not checked due to missing keys
([EMAIL PROTECTED])~$
Lo
On Wed, Nov 22, 2006 at 12:09:58PM +0100, Hendrik Sattler wrote:
> Noone answered, yet, why this key is not in debian-archive-keyring package.
> I thought that the whole idea was to make it available before it gets used.
> That would be the easiest (install it at installation time) and
> "apt-key
Julien Cristau ha scritto:
> On Wed, Nov 22, 2006 at 14:53:38 +0100, A Mennucc wrote:
>
>> that package is only 2 days old and did not transition to etch yet
>>
>> so it is too early to start signing etch archives with it
>>
>> and it empties the whole idea : to restore my trust path , I
>> w
On Wed, Nov 22, 2006 at 14:53:38 +0100, A Mennucc wrote:
> that package is only 2 days old and did not transition to etch yet
>
> so it is too early to start signing etch archives with it
>
> and it empties the whole idea : to restore my trust path , I
> will have to manually download that
actually, there is no need for tons of documentation:
the usage of the package debian-archive-keyring should
really automate the whole thing, as long as it is done correctly:
1) release team generates new key and new package debian-archive-keyring
2) users install it : in postinst, /usr/bin/apt-
Luca Capello ha scritto:
> Hello!
>
> On Wed, 22 Nov 2006 12:09:58 +0100, Hendrik Sattler wrote:
>> Noone answered, yet, why this key is not in debian-archive-keyring
>> package.
>
> It's there since the last update:
> =
> debian-archive-keyring (2006.11.22) unstable; urgency=low
>
> * Non
Hamish Moffatt wrote:
> But you need to be able to validate that package in some fashion too.
In this case it's validated using the other signature on the packages
file, which is made with a key that apt already knows about.
--
see shy jo
signature.asc
Description: Digital signature
Martin Zobel-Helas ha scritto:
>
> gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 |
> apt-key add -)
>
$ gpg --recv-keys A70DAF536070D3A1
gpg: requesting key 6070D3A1 from hkp server keyring.debian.org
gpgkeys: key A70DAF536070D3A1 not found on keyserver
gpg: no valid Open
> On Tue, 21 Nov 2006, Kurt Roeckx wrote:
> But Hendrik Sattler is perfectly right and this knowledge has to be stored
> at prominant places like:
>
> a) installation manual
> b) apt-key.8
> c) perhaps somewhere else
Should the apt-get warning message be changed to refer to apt-key.8?
Hello!
On Wed, 22 Nov 2006 12:09:58 +0100, Hendrik Sattler wrote:
> Noone answered, yet, why this key is not in debian-archive-keyring
> package.
It's there since the last update:
=
debian-archive-keyring (2006.11.22) unstable; urgency=low
* Non-maintainer upload.
* Add Etch release key
Am Mittwoch 22 November 2006 11:05 schrieb Hamish Moffatt:
> On Wed, Nov 22, 2006 at 09:48:46AM +0100, Hendrik Sattler wrote:
> > Or even better:
> > # gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs
> > A70DAF536070D3A1
> >
> > I just assume that receiving the keys via the debian
On Wednesday 22 November 2006 07:22, Andreas Tille wrote:
> But Hendrik Sattler is perfectly right and this knowledge has to be
> stored at prominant places like:
>
> a) installation manual
> b) apt-key.8
> c) perhaps somewhere else
>
> Could maintainers of a) and b) (and perhaps c) ;-)
On Wed, Nov 22, 2006 at 09:48:46AM +0100, Hendrik Sattler wrote:
> Or even better:
> # gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs
> A70DAF536070D3A1
>
> I just assume that receiving the keys via the debian-keyring package ist more
> trustworthy than via a random public ser
--check-sigs A70DAF536070D3A1
pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch)
<[EMAIL PROTECTED]>
sig!36070D3A1 2006-11-20 Debian Archive Automatic Signing Key
(4.0/etch) <[EMAIL PROTECTED]>
2 signatures not checked due
On Tue, 21 Nov 2006, Kurt Roeckx wrote:
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:
[Martin Zobel-Helas]
gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 | apt-key
add -)
Uh, don't forget the part about verifying that the key is actually
signed by
On Tue Nov 21, 2006 at 21:23:48 +0100, Hendrik Sattler wrote:
> Hi,
>
> I tried to "apt-get update" from a testing mirro today but apt told me?
> W: There are no public key available for the following key IDs:
> A70DAF536070D3A1
>
> OK, maybe a new key, let's look at debian-archive-keyring:
> gpg
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:
>
> [Martin Zobel-Helas]
> > gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 |
> > apt-key add -)
>
> Uh, don't forget the part about verifying that the key is actually
> signed by the ftpmasters. Skipping th
Am Dienstag 21 November 2006 21:48 schrieb Martin Zobel-Helas:
> gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 |
> apt-key add -)
Please put that in the apt-key manpage (maybe even the long version to use
debian-archive-keyring exclusively).
But that was only the secondar
[Martin Zobel-Helas]
> gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 |
> apt-key add -)
Uh, don't forget the part about verifying that the key is actually
signed by the ftpmasters. Skipping that step pretty much defeats the
entire point.
gpg --list-sigs A70DAF536070D3
21 matches
Mail list logo