[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?

Frans Pop wrote:
> On Saturday 20 February 2010 09:15, Joey Hess wrote:
>>Nonzero exit; odd, it doesn't seem to notice that the key is expired at
>>all. But apt won't use gpgv like that, I suppose, but instead like

> Note though that other packages, like debmirror, do:
> my $GPG="gpg --no-tty -q";
> [...]
> if (!-f "$tempdir/dists/$dist/Release.gpg" || \
>     !-f "$tempdir/dists/$dist/Release" || \
>     system("$GPG --verify $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release")) {
Well, anyone using the mirror can then verify.
If you're just trying to determine whether or not Release corresponds to
Release.gpg this behaviour is much saner than assuming Release invalid,
because debmirror would attempt to fix that by regetting.

Kind regards

Thomas Viehmann, http://thomas.viehmann.net/

Reply to: