On Tue, 21 Nov 2006, Kurt Roeckx wrote:
On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:[Martin Zobel-Helas]gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 | apt-key add -)Uh, don't forget the part about verifying that the key is actually signed by the ftpmasters. Skipping that step pretty much defeats the entire point. gpg --list-sigs A70DAF536070D3A1Try gpg --check-sigs A70DAF536070D3A1 instead.
But Hendrik Sattler is perfectly right and this knowledge has to be stored
at prominant places like:
a) installation manual
b) apt-key.8
c) perhaps somewhere else
Could maintainers of a) and b) (and perhaps c) ;-)) acknowledge, that this
will be done or should we rather file bug reports (IMHO with severity
"important") to these packages?
Kind regards
Andreas.
PS: debian-boot@lists.debian.org in CC because of the installation manual
issue. Forgive me if this should be off-topic there.
--
http://fam-tille.de