
Re: Debian Archive Automatic Signing Key (4.0/etch)?



On Wed, Nov 22, 2006 at 10:54:47PM +0100, Bartosz Fenski aka fEnIo wrote:
> On Tue, Nov 21, 2006 at 11:52:38PM +0100, Kurt Roeckx wrote:
> > > > gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 | apt-key add -)
> > > 
> > > Uh, don't forget the part about verifying that the key is actually
> > > signed by the ftpmasters.  Skipping that step pretty much defeats the
> > > entire point.
> > > 
> > >   gpg --list-sigs A70DAF536070D3A1
> > 
> > Try gpg --check-sigs A70DAF536070D3A1 instead.
> 
> Very useful:
> 
> (fenio@lapik)~$gpg --check-sigs A70DAF536070D3A1
> pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
> uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
> sig!3        6070D3A1 2006-11-20  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
> 
> 2 signatures not checked due to missing keys

^^^

Those signatures are:

sig          2A4E3EAA 2006-11-20  Anthony Towns <aj@erisian.com.au>
sig          29982E5A 2006-11-21  Steve Langasek <vorlon@dodds.net>

> (fenio@lapik)~$
> 
> Looks like it's signed by itself.

Yes, aren't all keys self-signed?


Regards: David
-- 
 /) David Weinehall <tao@debian.org> /) Rime on my window           (\
//  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   //  Diamond-white roses of fire //
\)  http://www.acc.umu.se/~tao/    (/   Beautiful hoar-frost       (/
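
Added example, not part of the original message: a small shell check that reads `gpg --check-sigs` output in the legacy layout quoted above and succeeds only when a signature from a key other than the key itself was actually verified. The function names are hypothetical, and the sample input is constructed from the output quoted in this message.

```shell
#!/bin/sh
# Constructed sample: the --check-sigs output quoted in the message above.
sample_output() {
cat <<'EOF'
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>
sig!3        6070D3A1 2006-11-20  Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>

2 signatures not checked due to missing keys
EOF
}

# Print the key ID of each signature gpg verified ("sig!") that was made
# by a key other than the primary key. "sig-" (bad), "sig%" (error) and
# unmarked "sig" lines are ignored.
third_party_good_sigs() {
    awk '
        $1 == "pub" { split($2, a, "/"); self = a[2]; next }
        $1 ~ /^sig!/ {
            id = ""
            for (i = 2; i <= NF; i++)
                if (length($i) == 8 && $i ~ /^[0-9A-F]+$/) { id = $i; break }
            if (id != "" && id != self) print id
        }'
}

# Number of signatures gpg could not check because the signer's key is absent.
unchecked_count() {
    awk '/signatures? not checked due to missing keys/ { n = $1 }
         END { print n + 0 }'
}

# Exit 0 only if at least one third-party signature was verified.
assess() {
    out=$(cat)
    good=$(printf '%s\n' "$out" | third_party_good_sigs | tr '\n' ' ')
    missing=$(printf '%s\n' "$out" | unchecked_count)
    if [ -n "$good" ]; then
        echo "verified third-party signatures: $good"
    else
        echo "self-signature only; $missing signature(s) unchecked"
        return 1
    fi
}

sample_output | assess || true
```

A verified signature only carries weight if the signer's key was itself confirmed by full fingerprint; the 8-digit IDs in this output format are short enough to collide.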


