FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 02-15-2009, 11:46 PM
Robert Holtzman
 
Default backports keyring

Tried "apt-get install debian-backports-keyring" and got the message

WARNING: The following packages cannot be authenticated!
debian-backports-keyring
Install these packages without verification [y/N]?
E: Some packages could not be authenticated


I terminated at that point. Can anyone tell me what the problem is (yeah,
I know, the problem is it can't be authenticated. Now that we have that
out of the way.....) and if there is a solution?


Thanks.

--
Bob Holtzman
"If you think you're getting free lunch,
check the price of the beer"


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-16-2009, 12:07 AM
"Boyd Stephen Smith Jr."
 
Default backports keyring

On Sunday 15 February 2009 18:46:42 Robert Holtzman wrote:
> Tried "apt-get install debian-backports-keyring" and got the message
>
> WARNING: The following packages cannot be authenticated!
> debian-backports-keyring
> Install these packages without verification [y/N]?
> E: Some packages could not be authenticated
>
> I terminated at that point. Can anyone tell me what the problem is (yeah,
> I know, the problem is it can't be authenticated. Now that we have that
> out of the way.....) and if there is a solution?

All the signatures that are used to verify the all backports.org repositories
are generated based on the key in that package, including the files that would
authenticate that package.

It's a chicken<->egg problem. The backports.org site has alternate
instructions involving direct application of gpg/apt-key to get you the
correct key before you install any package.

I just install that one untrusted package before installing anything else. (I
know this isn't entirely safe, but it's not actually more dangerous than the
other options.)

(I'm a bit surprised that you have that package -- I couldn't find it in my
lenny-backports mirror.)
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 
Old 02-16-2009, 09:17 AM
Florian Kulzer
 
Default backports keyring

On Sun, Feb 15, 2009 at 19:07:23 -0600, Boyd Stephen Smith Jr. wrote:
> On Sunday 15 February 2009 18:46:42 Robert Holtzman wrote:
> > Tried "apt-get install debian-backports-keyring" and got the message
> >
> > WARNING: The following packages cannot be authenticated!
> > debian-backports-keyring
> > Install these packages without verification [y/N]?
> > E: Some packages could not be authenticated
> >
> > I terminated at that point. Can anyone tell me what the problem is (yeah,
> > I know, the problem is it can't be authenticated. Now that we have that
> > out of the way.....) and if there is a solution?
>
> All the signatures that are used to verify the all backports.org repositories
> are generated based on the key in that package, including the files that would
> authenticate that package.
>
> It's a chicken<->egg problem. The backports.org site has alternate
> instructions involving direct application of gpg/apt-key to get you the
> correct key before you install any package.

I think the gpg method is preferable, because it allows you to check the
key before you add it to the trusted keyring of apt. The backports
archive key has a signature from Jörg Jaspert; you can confirm the
authenticity of this signature using Jörg's public key in
/usr/share/keyrings/debian-keyring.gpg (part of the debian-keyring
package and therefore authenticated by the normal Debian archive signing
mechanism.)

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 12:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org