[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: key error

On 11/26/06, Florian Kulzer <florian@molphys.leidenuniv.nl> wrote:
On Sun, Nov 26, 2006 at 08:17:37 +0100, B_Kloss wrote:
> Am Sonntag, 26. November 2006 03:34 schrieb L.V.Gandhi:
> > I get following error on apt-get update.
> >
> > W: There are no public key available for the following key IDs:
> > A70DAF536070D3A1
> > W: You may want to run apt-get update to correct these problems
> >
> > What to do?
>
> I have the same problem. Haven't seen it before.
> Why install keyring?

If you install the debian-archive-keyring package then your apt keys
will automatically be updated when necessary. Take a look at the output
of "apt-key list" (needs root). You will see that the currently used
archive signing key(s) will expire at some point. The keyring package
provides an automatic but safe mechanism to accept the new keys. It goes
something like this:

- You currently trust a certain archive signing key.

- A new version of the debian-archive-keyring package becomes available.
It contains a new key. (In the present case it seems to be a key
specifically for Etch, valid until 2009-07-01.)

- Before apt installs the new keyring package it verifies the integrity
of the package using the old, trusted key (which is still valid).

- If the new keyring package passes the test then its post-installation
script will run "apt-key import" and add all new keys to apt's
keyring. Your trust of the old key is thus transferred to the new
key(s).

At the moment its seems that both the new and the old key are used to
vouch for the integrity of packages. That gives you a certain time
window to install the new key. (You can currently ignore the message
about the unknown new key since one valid signature with a trusted key
is enough for apt.) Once the ftp-masters drop the old signing key you
will need the new one or apt will shower you with warnings at every
package update/installation.

--
Regards,
         Florian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Today after apt-get update and apt-get dist-upgrade, keyring-archive was updated. Then the problem disappeared.

--
L.V.Gandhi
http://lvgandhi.tripod.com/
linux user No.205042
Reply to: