On Wed, Nov 22, 2006 at 07:22:35AM +0100, Andreas Tille wrote:
But Hendrik Sattler is perfectly right and this knowledge has to be stored
at prominant places like:
a) installation manual
b) apt-key.8
c) perhaps somewhere else
It is already at the Securing Debian Manual, see
Signing Key (4.0/etch)
[EMAIL PROTECTED]
sig!36070D3A1 2006-11-20 Debian Archive Automatic Signing Key
(4.0/etch) [EMAIL PROTECTED]
2 signatures not checked due to missing keys
HS
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL
On Wed, Nov 22, 2006 at 09:48:46AM +0100, Hendrik Sattler wrote:
Or even better:
# gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs
A70DAF536070D3A1
I just assume that receiving the keys via the debian-keyring package ist more
trustworthy than via a random public server.
On Wednesday 22 November 2006 07:22, Andreas Tille wrote:
But Hendrik Sattler is perfectly right and this knowledge has to be
stored at prominant places like:
a) installation manual
b) apt-key.8
c) perhaps somewhere else
Could maintainers of a) and b) (and perhaps c) ;-))
Am Mittwoch 22 November 2006 11:05 schrieb Hamish Moffatt:
On Wed, Nov 22, 2006 at 09:48:46AM +0100, Hendrik Sattler wrote:
Or even better:
# gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs
A70DAF536070D3A1
I just assume that receiving the keys via the debian-keyring
Hello!
On Wed, 22 Nov 2006 12:09:58 +0100, Hendrik Sattler wrote:
Noone answered, yet, why this key is not in debian-archive-keyring
package.
It's there since the last update:
=
debian-archive-keyring (2006.11.22) unstable; urgency=low
* Non-maintainer upload.
* Add Etch release key
On Tue, 21 Nov 2006, Kurt Roeckx wrote:
But Hendrik Sattler is perfectly right and this knowledge has to be stored
at prominant places like:
a) installation manual
b) apt-key.8
c) perhaps somewhere else
Should the apt-get warning message be changed to refer to apt-key.8?
--
Martin Zobel-Helas ha scritto:
gpg --recv-keys A70DAF536070D3A1 (gpg --export -a A70DAF536070D3A1 |
apt-key add -)
$ gpg --recv-keys A70DAF536070D3A1
gpg: requesting key 6070D3A1 from hkp server keyring.debian.org
gpgkeys: key A70DAF536070D3A1 not found on keyserver
gpg: no valid OpenPGP
Hamish Moffatt wrote:
But you need to be able to validate that package in some fashion too.
In this case it's validated using the other signature on the packages
file, which is made with a key that apt already knows about.
--
see shy jo
signature.asc
Description: Digital signature
Luca Capello ha scritto:
Hello!
On Wed, 22 Nov 2006 12:09:58 +0100, Hendrik Sattler wrote:
Noone answered, yet, why this key is not in debian-archive-keyring
package.
It's there since the last update:
=
debian-archive-keyring (2006.11.22) unstable; urgency=low
* Non-maintainer
On Wed, Nov 22, 2006 at 14:53:38 +0100, A Mennucc wrote:
that package is only 2 days old and did not transition to etch yet
so it is too early to start signing etch archives with it
and it empties the whole idea : to restore my trust path , I
will have to manually download that
actually, there is no need for tons of documentation:
the usage of the package debian-archive-keyring should
really automate the whole thing, as long as it is done correctly:
1) release team generates new key and new package debian-archive-keyring
2) users install it : in postinst,
Julien Cristau ha scritto:
On Wed, Nov 22, 2006 at 14:53:38 +0100, A Mennucc wrote:
that package is only 2 days old and did not transition to etch yet
so it is too early to start signing etch archives with it
and it empties the whole idea : to restore my trust path , I
will have to
On Wed, Nov 22, 2006 at 12:09:58PM +0100, Hendrik Sattler wrote:
Noone answered, yet, why this key is not in debian-archive-keyring package.
I thought that the whole idea was to make it available before it gets used.
That would be the easiest (install it at installation time) and
apt-key
the
entire point.
gpg --list-sigs A70DAF536070D3A1
Try gpg --check-sigs A70DAF536070D3A1 instead.
Very useful:
([EMAIL PROTECTED])~$gpg --check-sigs A70DAF536070D3A1
pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch
[expires: 2009-07-01]
uid Debian Archive Automatic Signing Key (4.0/etch) [EMAIL
PROTECTED]
sig!36070D3A1 2006-11-20 Debian Archive Automatic Signing Key
(4.0/etch) [EMAIL PROTECTED]
2 signatures not checked due to missing keys
^^^
Those signatures are:
sig
[Martin Zobel-Helas]
gpg --recv-keys A70DAF536070D3A1 (gpg --export -a A70DAF536070D3A1 |
apt-key add -)
Uh, don't forget the part about verifying that the key is actually
signed by the ftpmasters. Skipping that step pretty much defeats the
entire point.
gpg --list-sigs A70DAF536070D3A1
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:
[Martin Zobel-Helas]
gpg --recv-keys A70DAF536070D3A1 (gpg --export -a A70DAF536070D3A1 |
apt-key add -)
Uh, don't forget the part about verifying that the key is actually
signed by the ftpmasters. Skipping that step
Am Dienstag 21 November 2006 21:48 schrieb Martin Zobel-Helas:
gpg --recv-keys A70DAF536070D3A1 (gpg --export -a A70DAF536070D3A1 |
apt-key add -)
Please put that in the apt-key manpage (maybe even the long version to use
debian-archive-keyring exclusively).
But that was only the secondary
On Tue Nov 21, 2006 at 21:23:48 +0100, Hendrik Sattler wrote:
Hi,
I tried to apt-get update from a testing mirro today but apt told me?
W: There are no public key available for the following key IDs:
A70DAF536070D3A1
OK, maybe a new key, let's look at debian-archive-keyring:
gpg
On Tue, 21 Nov 2006, Kurt Roeckx wrote:
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:
[Martin Zobel-Helas]
gpg --recv-keys A70DAF536070D3A1 (gpg --export -a A70DAF536070D3A1 | apt-key
add -)
Uh, don't forget the part about verifying that the key is actually
signed by
21 matches
Mail list logo