Re: [PLUG] secure apt

Stephen Gran on 23 Jan 2006 22:18:38 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] secure apt

From: Stephen Gran <steve@lobefin.net>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] secure apt

Date: Mon, 23 Jan 2006 22:18:12 +0000

Mail-followup-to: plug@lists.phillylinux.org

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mutt/1.5.9i

On Mon, Jan 23, 2006 at 04:32:57PM -0500, Jeff Abrahamson said: > I want to check that I've understood this correctly from reading > debian docs. The new version of apt pays attention to gpg signatures, > but debs are not currently being signed. It's recommended, then, that > I ignore this error on "apt-get install": > > Install these packages without verification [y/N]? y > > or that I modify /etc/apt/apt.conf.d/70debconf to somehow say to > ignore signatures. Or make a new file in that directory (apt uses run-parts style config parsing). > I want to be very careful about this, because it's initially difficult > to differentiate a bad signature from a broken secure apt. > > Thanks much for any input. The signing is at the archive, rather than package, level. The problem is that we have the software part done in apt, but haven't yet gotten around to figuring out how to do an automatic key update. Each key is only good for one year, so this is going to be a recurring problem unless we can figure it out before next December ;) In the meantime, you can grab the key here: http://ftp-master.debian.org/ziyi_key_2006.asc And then add it to apt's keyring with: apt-key add The key name is always ziyi_key_$year.asc (or at least has been so far) so scripting this wouldn't be hard. The hard part, as I understand it, has been deciding how to verify the key programmatically and decide that it should be added. -- -------------------------------------------------------------------------- | Stephen Gran | When people say nothing, they don't | | steve@lobefin.net | necessarily mean nothing. | | http://www.lobefin.net/~steve | | --------------------------------------------------------------------------
Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] secure apt
From: Art Alexion <art.alexion@verizon.net>

References:

[PLUG] secure apt
From: Jeff Abrahamson <jeff@purple.com>

Prev by Date: [PLUG] secure apt

Next by Date: Re: [PLUG] secure apt

Previous by thread: [PLUG] secure apt

Next by thread: Re: [PLUG] secure apt

Index(es):

Date

Thread