[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: census: apt sources.list snippets

On Sun, 29 May 2011 16:16:32 +0800
Paul Wise <pabs@debian.org> wrote:

> On Sun, May 29, 2011 at 2:59 PM, David Kalnischkies wrote:
> > Currently you can't easily - beside installing the keyrings.
> > The warnings are harmless through, at install time apt will ask
> > for confirmation for these packages or you give
> > --allow-unauthenticated
> >
> > But if you really want to silence APT at this stage you can do this:
> ...
> > This way every Release file is "magically" signed with a good
> > signature - at least that is what APT gets to know from our faked
> > gpgv - and all NO_PUBKEY warnings are gone.
> ...
> > P.S.: The "signature" key is the one used in APTs testcases so don't
> > worry that a real person could get offended by using this key for
> > this trick.
> Thanks, worked a treat.
> It would be great to have trust paths from Debian to our derivatives,
> but I don't see that happening any time soon so silencing apt is nice
> for now.

What sort of trust path? How would you propose we create one? I suppose
we could get all the derivatives keys added to a package in debian,
sounds complex though.

Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
No, I won't join your social networking group

Attachment: signature.asc
Description: PGP signature

Reply to: