[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

First time backports install: authentication issues


I couldn't find the following issue on the backports.org domain, so I'll ask it here:
I'm doing the first-time install of a backport on debian etch.

after adding:

deb http://www.backports.org/debian etch-backports main contrib non-free

to sources.list and doing an apt-get update, I get, as expected:

Reading package lists... Done
W: GPG error: http://www.backports.org etch-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C
W: You may want to run apt-get update to correct these problems

As mentioned in the download instructions, I need to install the backports keyring:
apt-get install debian-backports-keyring
However, that one cannot be authenticated:

WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]?

Any software can be cricital software and I'm not running debian stable to get my system unstable by some untrusted software, so to just to take the overly paranoia approach: How can I know if I can trust this?

Is the alternative way mentioned on: http://www.backports.org/dokuwiki/doku.php?id=instructions
more trustworthy?
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
gpg --export | apt-key add -

Furthermore: thank you for making these packages available!

Greetings, Pim
Reply to: