[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

APT public key updates?

When I try to upgrade one of my machines running testing, I get a
warning about a missing public key:

  W: GPG error: http://ftp.no.debian.org testing Release: The
    following signatures couldn't be verified because the public key is
    not available: NO_PUBKEY 010908312D230C5F
  W: You may want to run apt-get update to correct these problems
  Do you want to continue? [Y/n/?]
  WARNING: untrusted versions of the following packages will be installed!

  Untrusted packages could compromise your system's security.
  You should only proceed with the installation if you are certain
  that this is what you want to do.

I guess this is not how every GPG key change for the archive is
supposed to be handled, as I would expect key updates to happen mostly
automatic.  Where can I find information on what went wrong with my
installation, and what the correct procedure is to fix it when this
problem arises.  I'm glad it does not happen to several hundred
production machines, and just my test machine.

I worked around the problem using this formula, but expect there must
be a more sensible way to handle public key updates:

  gpg --recv-key 010908312D230C5F && gpg -a --export 2D230C5F | apt-key add -

Reply to: