[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: First time backports install: authentication issues


On Thursday 31 January 2008 19:13, Alexander Wirt wrote:
> Sure, this package is to make your debian trust backports.org. So this is
> kind of a chicken and egg problem. The first package has to be
> unauthenticated.

Actually not :)

describes how to verify the key against the debian-keyring package:

# install the debian-keyring securily:
aptitude install debian-keyring
# fetch the backports.org key insecurily:
gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 16BA136C
# check securily if the key is correct and add it to root's keyring if it is:
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs 16BA136C && 
gpg --export 16BA136C | apt-key add - 
# update the list of available packages:
aptitude update

> A little bit... but only if you check the signatures on this key before you
> add it. And of course only if you trust one of the people that signed that
> key...

The above does this :)

Now you only have the chicken+egg problem at the "obtaining Debian securely" 


Attachment: pgpvEaONHIlme.pgp
Description: PGP signature

Reply to: