On ven., 2014-10-17 at 17:14 +, Patrick Schleizer wrote:
Debian has no good mechanism to revoke apt keys in case of compromise,
neither a way to inform users in emergency situations:
https://lists.debian.org/debian-security/2013/10/msg00065.html
The only information is that thread (which
Yves-Alexis Perez:
On ven., 2014-10-17 at 17:14 +, Patrick Schleizer wrote:
Debian has no good mechanism to revoke apt keys in case of compromise,
neither a way to inform users in emergency situations:
https://lists.debian.org/debian-security/2013/10/msg00065.html
The only information
Yves-Alexis Perez:
On sam., 2014-10-18 at 13:55 +, Patrick Schleizer wrote:
Otherwise, what are the relevant people, how to contact them?
You can find some hints in
https://lists.debian.org/debian-security/2013/10/msg00066.html
If it's really that hard, here are some pointers.
DSA:
Hi,
I am just wondering about a hypothetical situation where the master GPG key
used for signing the debian archive was stolen. After creating a new master
key and getting a new public key into the debian-keyring package, how would
you get that to users?
I mean if you resigned the release file
Hi,
That is not correct. Missing key does not disable installation feature of
package manager.
1. You can import key manually. Like this:
sudo apt-key adv –keyserver subkeys.pgp.net –recv-keys XX
2. Even with non-imported key apt-get/aptitude will allow you to install
software
David Hubner:
Hi,
I am just wondering about a hypothetical situation where the master GPG key
used for signing the debian archive was stolen. After creating a new master
key and getting a new public key into the debian-keyring package, how would
you get that to users?
I mean if you
6 matches
Mail list logo
