On Tue, 21 Nov 2006, Kurt Roeckx wrote:
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:[Martin Zobel-Helas]gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 | apt-key add -)Uh, don't forget the part about verifying that the key is actually signed by the ftpmasters. Skipping that step pretty much defeats the entire point. gpg --list-sigs A70DAF536070D3A1Try gpg --check-sigs A70DAF536070D3A1 instead.
But Hendrik Sattler is perfectly right and this knowledge has to be stored at prominant places like: a) installation manual b) apt-key.8 c) perhaps somewhere else Could maintainers of a) and b) (and perhaps c) ;-)) acknowledge, that this will be done or should we rather file bug reports (IMHO with severity "important") to these packages? Kind regards Andreas. PS: debian-boot@lists.debian.org in CC because of the installation manual issue. Forgive me if this should be off-topic there. -- http://fam-tille.de