Re: debmirror can't find public key to validate Release files

["Daniel B." <REMOVEdanielTHIS@fgm.com>]

I wrote:

> Andrew M.A. Cater wrote:
>
> > On Wed, Feb 01, 2006 at 11:10:56AM -0500, Daniel B. wrote:
> >
> > > ...when I try to run debmirror to keep my local mirror updated, it
> > > says:
> > >
> > >  ...
> > >  [0%] Keeping: dists/sarge/Release.gpg
> > >  gpg: Signature made Sat Dec 17 05:46:27 2005 EST using DSA key ID 
> > > 4F368D5D
> > >  gpg: Can't check signature: public key not found
> > >  Release signature does not verify.
> > >  ...
> > >
> > > I can't tell if I deleted a key I had before (in purging and/or
> > > re-installing some things I shouldn't have) or if upgrading debmirror
> > > got me a version that now checks against a key I never had in the first
> > > place.
> > >
> > > What can I do to get debmirror working again?
> >
> > apt-get install debian-archive-keyring ??
>
>
> Nope, that doesnt work.  (There's no such package in Sarge
> or the Sarge security updates (unless my mirror is broken).)
>
> What else?



(I've noticed some list messages about registering keys with apt-key,
but apt-key isn't in the apt package in Sarge either.

Apparently the Sarge version of debmirror checks download files against
keys--but where do the keys go and how do I put them there _in Sarge_
(and which key do I use (the current key or the one that was current
when the current Sarge release was assembled))>?)

Daniel