Re: APT public key updates?

To: debian-devel@lists.debian.org
Subject: Re: APT public key updates?
From: Thomas Viehmann <tv@beamnet.de>
Date: Wed, 11 Jan 2006 07:43:55 +0100
Message-id: <[🔎] 43C4A92B.6040300@beamnet.de>
In-reply-to: <[🔎] 200601110028.15325.aragorn@tiscali.nl>
References: <[🔎] 2flr77mp5lx.fsf@saruman.uio.no> <[🔎] 20060110050328.GB22925@localhost.localdomain> <[🔎] 20100220081541.GE7412@kitenet.net> <[🔎] 200601110028.15325.aragorn@tiscali.nl>

Frans Pop wrote:
> On Saturday 20 February 2010 09:15, Joey Hess wrote:
>>Nonzero exit; odd, it doesn't seem to notice that the key is expired at
>>all. But apt won't use gpgv like that, I suppose, but instead like
>>this:

> Note though that other packages, like debmirror, do:
> 
> my $GPG="gpg --no-tty -q";
> [...]
> if (!-f "$tempdir/dists/$dist/Release.gpg" || \
>     !-f "$tempdir/dists/$dist/Release" || \
>     system("$GPG --verify $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release")) {
Well, anyone using the mirror can then verify.
If you're just trying to determine whether or not Release corresponds to
Release.gpg this behaviour is much saner than assuming Release invalid,
because debmirror would attempt to fix that by regetting.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/

Reply to:

References:
- Re: APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: APT public key updates?
  - From: Joey Hess <joeyh@debian.org>
- Re: APT public key updates?
  - From: Frans Pop <aragorn@tiscali.nl>

Prev by Date: Re: Is mesa actually maintained?
Next by Date: Bug#347509: ITP: kdnssd-avahi -- Zeroconf library for KDE using Avahi as backend
Previous by thread: Re: APT public key updates?
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread