Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository

To: debian-devel@lists.debian.org
Subject: Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
From: Neil Williams <codehelp@debian.org>
Date: Sun, 22 Jun 2008 21:54:43 +0100
Message-id: <[🔎] 1214168083.3907.33.camel@dwarf.codehelp>
In-reply-to: <[🔎] 20080622203912.GB4944@in-medias-res.com>
References: <[🔎] 20080621122748.GA20837@thorin> <[🔎] 20080621135212.GA27751@apu.snow-crash.org> <[🔎] 200806211935.05366.holger@layer-acht.org> <[🔎] 20080621173807.GB1591@connexer.com> <[🔎] 20080622161424.GA3293@in-medias-res.com> <[🔎] 485E951E.8070801@zombino.com> <[🔎] 87y74xw99x.fsf@frosties.localdomain> <[🔎] 20080622203912.GB4944@in-medias-res.com>

On Sun, 2008-06-22 at 22:39 +0200, Patrick Schoenfeld wrote:
> On Sun, Jun 22, 2008 at 09:37:46PM +0200, Goswin von Brederlow wrote:
> > PS: I would prefer if apt-get could fetch and verify keyring updates
> > directly from a repository though. Keyring packages are awfull for key
> > rollovers.
> 
> Do you mean from a central repository, somewhat like a keyserver? :-)
> How would one check integrity then?

Precisely as you do with any key - signatures and gpg integrity checks
when the key is imported into apt-key.

The repository would simply provide the ASCII armoured GPG key file that
would be signed by keys belonging to relevant people - in that respect,
it's not that different to any package. The text file is useless without
being imported into gpg so the integrity checks in gpg provide the
integrity check.

-- 
Neil Williams <codehelp@debian.org>

Reply to:

Follow-Ups:
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Patrick Schoenfeld <schoenfeld@in-medias-res.com>

References:
- ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Robert Millan <rmh@aybabtu.com>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Alexander Wirt <formorer@debian.org>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Holger Levsen <holger@layer-acht.org>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Roberto C. Sánchez <roberto@connexer.com>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Patrick Schoenfeld <schoenfeld@in-medias-res.com>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Adam Majer <adamm@zombino.com>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
  - From: Patrick Schoenfeld <schoenfeld@in-medias-res.com>

Prev by Date: Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Next by Date: Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Previous by thread: Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Next by thread: Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Index(es):
- Date
- Thread