Stephen Gran on 23 Jan 2006 22:18:38 -0000 |
On Mon, Jan 23, 2006 at 04:32:57PM -0500, Jeff Abrahamson said: > I want to check that I've understood this correctly from reading > debian docs. The new version of apt pays attention to gpg signatures, > but debs are not currently being signed. It's recommended, then, that > I ignore this error on "apt-get install": > > Install these packages without verification [y/N]? y > > or that I modify /etc/apt/apt.conf.d/70debconf to somehow say to > ignore signatures. Or make a new file in that directory (apt uses run-parts style config parsing). > I want to be very careful about this, because it's initially difficult > to differentiate a bad signature from a broken secure apt. > > Thanks much for any input. The signing is at the archive, rather than package, level. The problem is that we have the software part done in apt, but haven't yet gotten around to figuring out how to do an automatic key update. Each key is only good for one year, so this is going to be a recurring problem unless we can figure it out before next December ;) In the meantime, you can grab the key here: http://ftp-master.debian.org/ziyi_key_2006.asc And then add it to apt's keyring with: apt-key add The key name is always ziyi_key_$year.asc (or at least has been so far) so scripting this wouldn't be hard. The hard part, as I understand it, has been deciding how to verify the key programmatically and decide that it should be added. -- -------------------------------------------------------------------------- | Stephen Gran | When people say nothing, they don't | | steve@lobefin.net | necessarily mean nothing. | | http://www.lobefin.net/~steve | | -------------------------------------------------------------------------- Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|