[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: announcing the beginning of security support for testing

Bill Wohler wrote:
> You may get the following error message and not know what it means:
>     W: Couldn't stat source package list http://secure-testing.debian.net
>     etch/security-updates/main Packages
>     (/var/lib/apt/lists/secure-testing.debian.net_debian-secure-testing_dists_etch_security-updates_main_binary-i386_Packages)
>     - stat (2 No such file or directory) 
>     ...
>     W: You may want to update the package lists to correct these missing files
>     W: GPG error: http://secure-testing.debian.net etch/security-updates
>     Release: The following signatures couldn't be verified because the
>     public key is not available: NO_PUBKEY 946AA6E18722E71E 
>     W: You may want to update the package lists to correct these missing files
> I didn't, but fortunately, I stumbled on an unrelated README this
> morning and learned what was missing: apt-key.

It's not likely that users of testing will run into this since the
relevant version of apt has not reached testing yet.

With that said, I strongly encourage everyone to install the new secure
version of apt from unstable if you can, as it's an important
enhancement to the overall security of a debian system.

> Since the use of apt-key is something that users do rarely if at all,
> a reminder of what to do with that information would be welcome. And
> that is:
> 1. Save the above key into a file, say, /tmp/debian.key.
> 2. Load the key with:
>    sudo apt-key add /tmp/debian.key

Actually step 0 is to carefully validate the origin of the key and make
sure you can verify it came from someone you trust.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: