[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: First time backports install: authentication issues



Hi,

On Thursday 31 January 2008 19:13, Alexander Wirt wrote:
> Sure, this package is to make your debian trust backports.org. So this is
> kind of a chicken and egg problem. The first package has to be
> unauthenticated.

Actually not :)

http://wiki.skolelinux.no/DebianEdu/Documentation/Etch/HowTo/Administration#head-136bb7e75e07e8b6463e6b30761ac51776c5c27d
describes how to verify the key against the debian-keyring package:

# install the debian-keyring securily:
aptitude install debian-keyring
# fetch the backports.org key insecurily:
gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 16BA136C
# check securily if the key is correct and add it to root's keyring if it is:
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs 16BA136C && 
gpg --export 16BA136C | apt-key add - 
# update the list of available packages:
aptitude update


> A little bit... but only if you check the signatures on this key before you
> add it. And of course only if you trust one of the people that signed that
> key...

The above does this :)

Now you only have the chicken+egg problem at the "obtaining Debian securely" 
stage...


regards,
	Holger

Attachment: pgpcsV4aK8LYE.pgp
Description: PGP signature


Reply to: