Re: Suggest instructions for how to use volitile archive signing key

To: debian-www@lists.debian.org
Subject: Re: Suggest instructions for how to use volitile archive signing key
From: Alexander Blazej <alexander.blazej@gmail.com>
Date: Sun, 06 May 2007 18:17:55 -0700
Message-id: <[🔎] 1178500675.16365.43.camel@localhost>
In-reply-to: <[🔎] 1178498389.16365.26.camel@localhost>
References: <[🔎] 1178498389.16365.26.camel@localhost>

Errors in my email:

1) "apt-key" is not a package.  The program is included in the "apt"
package, which also includes the "apt-get" program.  To correct this
error, instead use this command:

apt-get update ; apt-get install curl ; curl http://www.debian.org/volatile/etch-volatile.asc | apt-key add -

2) The sarge "apt" package does NOT contain "apt-key". To verify see:
http://packages.debian.org/cgi-bin/search_contents.pl?searchmode=filelist&word=apt&version=oldstable&arch=i386
I don't think apt-key existed in any sarge package, so the the command I
suggested using won't work in sarge.
I won't try to give instructions on how to set up the Sarge signature
since I don't have a system to test on, and I wouldn't know if I should
add the key to /etc/apt/trusted.gpg  or /root/.gnupg/pubring.gpg

I apologize for the errors.

On Sun, 2007-05-06 at 17:39 -0700, Alexander Blazej wrote:
> The page:
> 
> http://www.debian.org/volatile/
> 
> has the text:
> 
> Archive signing key
> Please see ziyi-sarge.asc for sarge, and etch-volatile.asc for etch.
> 
> 
> I, and I suspect others, would appreciate a more verbose instructions.
> Please consider using this text:
> 
> To ensure the packages in the volatile master and mirror archives have
> not been tampered with, the packages are are digitally signed.  You need
> to configure your system to recognize this signature.
> 
> If your system is running the Etch version on Debian, run as root:
> apt-get update ; apt-get install curl apt-key ; curl http://www.debian.org/volatile/etch-volatile.asc | apt-key add -
> 
> If your system is running the Sarge version on Debian, run as root:
> apt-get update ; apt-get install curl apt-key ; curl http://www.debian.org/volatile/ziyi-sarge.asc | apt-key add -
> 
> If your system encounters an unknown signature, you will get a warning such as:
> 
> W: GPG error: http://volatile.debian.org etch/volatile Release: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY F193B82C012D9230
> 
>

Reply to:

Follow-Ups:
- Re: Suggest instructions for how to use volitile archive signing key
  - From: Alexander Blazej <alexander.blazej@gmail.com>

References:
- Suggest instructions for how to use volitile archive signing key
  - From: Alexander Blazej <alexander.blazej@gmail.com>

Prev by Date: Re: Suggest instructions for how to use volitile archive signing key
Next by Date: Re: Suggest instructions for how to use volitile archive signing key
Previous by thread: Re: Suggest instructions for how to use volitile archive signing key
Next by thread: Re: Suggest instructions for how to use volitile archive signing key
Index(es):
- Date
- Thread