APT public key updates?

To: debian-devel@lists.debian.org
Subject: APT public key updates?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Thu, 05 Jan 2006 00:03:53 +0100
Message-id: <[🔎] 2fl64oz1tpi.fsf@saruman.uio.no>

When I try to upgrade one of my machines running testing, I get a
warning about a missing public key:

  [...]
  W: GPG error: http://ftp.no.debian.org testing Release: The
    following signatures couldn't be verified because the public key is
    not available: NO_PUBKEY 010908312D230C5F
  W: You may want to run apt-get update to correct these problems
  [...]
  Do you want to continue? [Y/n/?]
  WARNING: untrusted versions of the following packages will be installed!

  Untrusted packages could compromise your system's security.
  You should only proceed with the installation if you are certain
  that this is what you want to do.
  [...]

I guess this is not how every GPG key change for the archive is
supposed to be handled, as I would expect key updates to happen mostly
automatic.  Where can I find information on what went wrong with my
installation, and what the correct procedure is to fix it when this
problem arises.  I'm glad it does not happen to several hundred
production machines, and just my test machine.

I worked around the problem using this formula, but expect there must
be a more sensible way to handle public key updates:

  gpg --recv-key 010908312D230C5F && gpg -a --export 2D230C5F | apt-key add -

Reply to:

Follow-Ups:
- Re: APT public key updates?
  - From: Daniel Leidert <daniel.leidert.spam@gmx.net>

Prev by Date: Re: Bug#345977: ITP: polld -- Polling demon
Next by Date: Re: APT public key updates?
Previous by thread: Fwd: Bug#344758: init.d script should create /var/run/dirmngr
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread