Re: backports
Florian Kulzer wrote:
[...]
>
> You have to tell gpg which key's signatures it should check. If you
> really want to know what is going on then you should first look at the
> list of signatures for the backports key:
>
> $ gpg --keyring /usr/share/keyrings/debian-backports-keyring.gpg --list-sig 16BA136C
> pub 1024D/16BA136C 2005-08-21
> uid Backports.org Archive Key
> sig 7E7B8AC9 2005-11-20 [User ID not found]
> sig 657BF03D 2006-05-27 [User ID not found]
> sig 3 16BA136C 2005-08-21 Backports.org Archive Key
> sig 3 16BA136C 2005-08-21 Backports.org Archive Key
> sub 2048g/5B82CECE 2005-08-21
> sig 16BA136C 2005-08-21 Backports.org Archive Key
>
> You see that the key has been signed with two other keys, 7E7B8AC9 and
> 657BF03D. These keys are not included in debian-backports-keyring.gpg
> and they are also not on my user's default keyring, therefore gpg cannot
> provide any information besides the key IDs. If you replace "--list-sig"
> with "--check-sig" in the above command you will get "2 signatures not
> checked due to missing keys". However, if you tell gpg to include the
> keyring from the debian-keyring package, you can verify that one of the
> signatures was made by a Debian developer:
>
> $ gpg --keyring /usr/share/keyrings/debian-keyring.gpg --keyring /usr/share/keyrings/debian-backports-keyring.gpg --check-sig 16BA136C
> pub 1024D/16BA136C 2005-08-21
> uid Backports.org Archive Key
> sig! 7E7B8AC9 2005-11-20 Joerg Jaspert
> sig!3 16BA136C 2005-08-21 Backports.org Archive Key
> sig!3 16BA136C 2005-08-21 Backports.org Archive Key
> sub 2048g/5B82CECE 2005-08-21
> sig! 16BA136C 2005-08-21 Backports.org Archive Key
>
[..]
Thanks, Florian.
I suppose that you can check that Joerg Jaspert is a Debian developer by
checking the Debian developer database [1].
[1] http://db.debian.org/
--
Chris.
Reply to:
- Follow-Ups:
- Re: backports
- From: Florian Kulzer <florian.kulzer+debian@icfo.es>