Art Alexion on 24 Jan 2006 14:53:43 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] secure apt

Stephen Gran wrote:

>The signing is at the archive, rather than package, level.  The problem
>is that we have the software part done in apt, but haven't yet gotten
>around to figuring out how to do an automatic key update.  Each key is
>only good for one year, so this is going to be a recurring problem
>unless we can figure it out before next December ;)
>In the meantime, you can grab the key here:
>And then add it to apt's keyring with:
>apt-key add
>The key name is always ziyi_key_$year.asc (or at least has been so far)
>so scripting this wouldn't be hard.  The hard part, as I understand it,
>has been deciding how to verify the key programmatically and decide that
>it should be added.
Thanks Stephen.  I was having a similar problem with another repository
and had no idea how to resolve it before this.


Art Alexion
Arthur S. Alexion LLC

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
The attachment -- signature.asc -- is my electronic signature; no need for alarm.
Info @

Key for signed PDFs available at
The validation string is TTJY-ZILJ-BJJG.

Attachment: signature.asc
Description: OpenPGP digital signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --