Re: verification of packages with gnupg/apt-key

To: debian-amd64@lists.debian.org
Subject: Re: verification of packages with gnupg/apt-key
From: Martin Dickopp <martin@zero-based.org>
Date: Wed, 29 Jun 2005 14:52:57 +0200
Message-id: <[🔎] cunk6kdb9zq.fsf@zero-based.org>
Mail-followup-to: debian-amd64@lists.debian.org
In-reply-to: <[🔎] 1120045967.7360.13.camel@whale.core.arhont.com> (Andrei Mikhailovsky's message of "Wed, 29 Jun 2005 12:52:47 +0100")
References: <[🔎] 1120045967.7360.13.camel@whale.core.arhont.com>

Andrei Mikhailovsky <andrei@arhont.com> writes:

> Has anyone anyone manage to make verification of packages/Release files
> work under amd64?

You have to obtain the AMD64 Archive Key (for example from a keyserver:
http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=vindex&search=0xE415B2B4B5F5BBED)
and verify its authenticity. Then you can use "apt-key add" to add it to
the list of keys which apt considers trusted.

Verifying the authenticity might be the hardest part of it. I'm in the
fortunate position of having met one of the signers of the archive key
(Joerg Jaspert) face to face and having verified his key. However, if
you don't have a trust path to any Debian Developer's key, you're out of
luck.

Martin

Reply to:

References:
- verification of packages with gnupg/apt-key
  - From: Andrei Mikhailovsky <andrei@arhont.com>

Prev by Date: Re: verification of packages with gnupg/apt-key
Next by Date: Re: Downgrading i386 from amd64
Previous by thread: Re: verification of packages with gnupg/apt-key
Next by thread: SELinux policy
Index(es):
- Date
- Thread