Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Sun, Jun 22, 2008 at 09:54:43PM +0100, Neil Williams wrote:
> > Do you mean from a central repository, somewhat like a keyserver? :-)
> > How would one check integrity then?
> Precisely as you do with any key - signatures and gpg integrity checks
> when the key is imported into apt-key.
well I understood the proposal to do it automatically so it wouldn't
happen like I handle it currently. Now I have the possibility to
explicit allow and deny certain keys in my setup. I can do this by
checking mostly objective standpoints but also because I don't like the
nose of the one providing the repository, so to say.
Thats an important point, because technical aspects cannot decide
weither you trust someone or not (except for the trust level on the key)
So the key would needed to be signed by someone who *I* actually trust.