Re: Checking GPG Signatures - Debian Keyring is Huge !
Sven Arvidsson wrote:
> I think you're looking at a keyring of all the debian developers (an
> outdated copy from 2005 it seems) that's not necessary to download.
It certainly is dated 2005 - perhaps it's ancient history, but it's the
only key-related file at http://ftp.debian.org/debian/doc/ ... looks
like maybe we need a tidy-up of that part of the website.
> As you already have the keyid you can get the complete key from a
> keyserver using gpg or from any keyserver with a web interface:
> http://pgp.mit.edu:11371/pks/lookup?search=0x88C7C1F7&op=index&fingerprint=on
Aaah .. thanks for that link - I'd tried a couple of other keyservers,
(preconfigured into Windows GPGshell) both of which gave me "No keys found".
> I guess the FAQ should be updated.
Agreed - either to say to use the keyserver you supplied, or to contain
a link to the required key.
>> Is this 13Mb keyring also needed by the new package-signature-checking
>> apt-get ?
>
> No, that's a much smaller package, only containing the key for the
> debian archive.
Thanks for your help.
Nick Boyce
Reply to: