FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-25-2008, 06:59 PM
Florian Kulzer
 
Default importing a

On Fri, Apr 25, 2008 at 14:27:57 -0400, Michael Habashy wrote:
> does anyone know how to Import the archive signing key from :
>
> http://www.debian.org/volatile/etch-volatile.asc

wget http://www.debian.org/volatile/etch-volatile.asc
apt-key add etch-volatile.asc

(Only the second command needs root privileges.)

If you want to be serious about security then you should check Andreas
Barth's signature on the etch-volatile key, using Barth's public key
that is contained in the debian-keyring package:

gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --keyring /etc/apt/trusted.gpg --check-sigs Debian-Volatile

(You have to run this command as root because apt's trusted keyring
/etc/apt/trusted.gpg is not readable by anybody else by default.)

The idea is that the debian-keyring package is vouched for by the normal
Debian archive signing key (which you trust already), so it is
reasonable to extend your trust to the etch-volatile key if Barth's
signature checks out. You have to look for this line in the output of
the gpg command:

sig! EC36A185 2007-03-31 Andreas Barth (Debian Key) <aba AT debian DOT org>

The "!" means that the signature could be verified.

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 04-25-2008, 07:21 PM
Florian Kulzer
 
Default importing a

On Fri, Apr 25, 2008 at 20:59:34 +0200, Florian Kulzer wrote:
> On Fri, Apr 25, 2008 at 14:27:57 -0400, Michael Habashy wrote:
> > does anyone know how to Import the archive signing key from :
> >
> > http://www.debian.org/volatile/etch-volatile.asc
>
> wget http://www.debian.org/volatile/etch-volatile.asc
> apt-key add etch-volatile.asc

[ snip: how to verify the authentiticy of the downloaded key ]

I answered your direct question, but now I realize that I should also
have pointed out that the etch-volatile key is included in the
debian-archive-keyring package (version 2007.07.31~etch1). Installing
this package should add the key to apt's keyring automatically.

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 02:55 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org