
Re: Unverifiable Signature on Debian Security Advisory Emails



On Fri, 12 Dec 2014 10:17:25 +0100, Sébastien NOBILI <sebnewsletter@free.fr> said:

> Hi,
> On Thursday 11 December 2014 at 21:46, Hubert Chathi wrote:
>> On Thu, 11 Dec 2014 17:28:32 -0800, Jeremie Marguerie
>> <jeremie@marguerie.org> said:
>> > I guess there might/should be something on the official website with
>> > the key ID of official members.
>> 
>> apt-get install debian-keyring?

> Thanks for pointing out this package.

> I'm using the stable branch and its contents are outdated (April 2013), so
> many of the announcements can't be verified this way…

> The same applies to the Jessie version (August 2014)…

> Shouldn't this package follow the Sid version even for the stable branch?
> What's the use of outdated keys that aren't used anymore?

Yeah, and it should probably be added to stable-updates.

> I'll backport the Sid version for my stable system, hope there won't be
> any side effects…

Given that it's purely data and it has no dependencies, there shouldn't
be any side effects.  However, remember that if you download the package
manually, you lose the benefit of the apt archive signing.  But it
should be safe to add sid to your apt, and use pinning to only allow
that package to be updated.

-- 
Hubert Chathi <uhoreg@debian.org> -- Jabber: hubert@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA         http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
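
The pinning setup suggested in the reply above, as an added example that is not part of the original message: it adds sid as an apt source, blocks everything from unstable except debian-keyring, and includes a check that the pin file does not let other sid packages through. The function names, file names and default mirror URL are assumptions.

```shell
#!/bin/sh
# Added example; function names, file names and the mirror URL are assumptions.

# write_keyring_pin APT_DIR [MIRROR]
# Adds sid as a source and pins it so that only debian-keyring may come
# from unstable. APT_DIR is /etc/apt on a real system (needs root there).
write_keyring_pin() {
    apt_dir=$1
    mirror=${2:-http://deb.debian.org/debian}   # assumed mirror
    mkdir -p "$apt_dir/sources.list.d" "$apt_dir/preferences.d" || return 1

    # Packages fetched this way are still covered by the signed archive Release file.
    printf 'deb %s sid main\n' "$mirror" > "$apt_dir/sources.list.d/sid.list"

    # General-form record: negative priority blocks every package from unstable.
    # Specific-form record: takes precedence, for debian-keyring only.
    cat > "$apt_dir/preferences.d/debian-keyring" <<'EOF'
Package: *
Pin: release a=unstable
Pin-Priority: -10

Package: debian-keyring
Pin: release a=unstable
Pin-Priority: 990
EOF
}

# check_keyring_pin APT_DIR
# Succeeds only if the wildcard record blocks unstable (negative priority)
# and no package other than debian-keyring has an installable priority.
check_keyring_pin() {
    f=$1/preferences.d/debian-keyring
    [ -f "$f" ] || return 1
    awk '
        $1 == "Package:"      { pkg = $2 }
        $1 == "Pin-Priority:" { if (pkg == "*" && $2 < 0) blocked = 1
                                else if (pkg != "debian-keyring" && $2 >= 0) leak = 1 }
        END { exit !(blocked && !leak) }
    ' "$f"
}
```

Run `write_keyring_pin /etc/apt` as root, then `apt-get update` and `apt-cache policy debian-keyring` to confirm the candidate version comes from unstable before installing it.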

