[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debcheckroot v1.0 released

On Sat, 2014-04-05 at 16:52 +0000, Elmar Stellnberger wrote:
> Am 05.04.2014 15:23, schrieb Patrick Schleizer:
> >> As Debian package headers do not use to be signed
> > I think you are mistaken here or maybe I misunderstand. When you have a
> > Debian medium you trust (such as a Live DVD from a trusted source), we
> > can regard keys in /etc/apt/trusted.gpg.d/ and /etc/apt/trusted.gpg as
> > trusted.
> > For example http://ftp.us.debian.org/debian/dists/jessie/InRelease and
> > http://ftp.us.debian.org/debian/dists/jessie/Release.gpg are gpg signed
> > by the Debian archive key.
> Ah, many thanks for that advice. I had just looked at the Release file 
> which was and still is not signed (am I right?! - have just checked this 
> file).

As the message you quoted says, there's a detached signature available
in the same location.

Regards,

Adam
Reply to: