
Re: backports



On Tue, Jul 03, 2007 at 09:55:20 +0100, Chris Lale wrote:

[...]

> It seems that this is an outstanding debian-keyring bug dating from 16 Feb 2005:
> #295527 "horribly outdated"[1].
> 
> A bug reply mentions a local updated, unofficial version by Roland Stigge:
> debian-keyring_2006.10.11_all.deb[2] dated 11-Oct-2006. I downloaded and
> extracted it using your previous method:
> 
> $ mkdir tempdir
> $ dpkg-deb -X debian-backports-keyring_2007.06.10_all.deb tempdir/
> $ mv tempdir/usr/share/keyrings/debian-backports-keyring.gpg .
> $ rm -rf tempdir/
> 
> Then I checked for 4B2B2B9E and got a match!
> 
> $ gpg --no-default-keyring --keyring ~/downloads/debs/debian-keyring.gpg --check-sig 4B2B2B9E
> gpg: checking the trustdb
> gpg: public key 3C093EEF is 29789 seconds newer than the signature

I don't see this when I do the same. 8 hours difference; a timezone
configuration problem, maybe?

> gpg: public key of ultimately trusted key ECB41FF5 not found

The "ultimately trusted" key should be your own. Did you experiment with
gpg in the past and generate a key (pair) which you deleted again?

> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> pub   1024D/4B2B2B9E 2004-06-20
> uid                  Daniel Baumann
> [...]
> sig!3        307D56ED 2004-09-18  Noèl Köthe
> sig!3        9B7C328D 2005-03-30  Luk Claes
> sig!3        4B2B2B9E 2004-06-20  Daniel Baumann
> sig!3        4B2B2B9E 2004-06-20  Daniel Baumann
> [...]
> 1 bad signature
> 535 signatures not checked due to missing keys
> 
> How well do you think I can trust this debian-keyring_2006.10.11_all.deb package?

It certainly increases trust if a key(ring) checks out from many
different sources. However, I think that the most important thing is
being able to verify signatures with the keys from the debian-keyring
package.
 
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295527
> [2] http://people.debian.org/~stigge/packages/

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
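
As an added example (not part of the original message), this Python sketch reads a `gpg --check-sig` listing in the layout quoted above and separates good self-signatures from good certifications made by other keys, since only the latter show who else vouches for the key. The sample listing is constructed from the lines in the message plus one invented bad-signature line; `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample in the gpg 1.x --check-sig layout quoted in the message.
# Key IDs and names are reused from the message; the "sig-" line and its
# key ID DEADBEEF are invented to show how a bad signature is reported.
SAMPLE = """\
pub   1024D/4B2B2B9E 2004-06-20
uid                  Daniel Baumann
sig!3        307D56ED 2004-09-18  Noèl Köthe
sig!3        9B7C328D 2005-03-30  Luk Claes
sig!3        4B2B2B9E 2004-06-20  Daniel Baumann
sig!3        4B2B2B9E 2004-06-20  Daniel Baumann
sig-         DEADBEEF 2005-01-01  Constructed Bad Signer
"""

PUB_RE = re.compile(r"^pub\s+\S+/([0-9A-F]{8,16})\s")
# "sig" + result flag + optional certification level + signer key ID + date + name
SIG_RE = re.compile(r"^sig([!%-])(\d?)\s+([0-9A-F]{8,16})\s+\d{4}-\d{2}-\d{2}\s+(.*)$")
STATUS = {"!": "good", "-": "bad", "%": "error"}


def summarize(listing):
    """Summarize a single-key --check-sig listing (assumes one pub block)."""
    report = {"key": None, "self_good": 0, "third_party_good": set(), "failed": []}
    for line in listing.splitlines():
        pub = PUB_RE.match(line)
        if pub:
            report["key"] = pub.group(1)
            continue
        sig = SIG_RE.match(line)
        if not sig:
            continue  # uid lines, "[...]" elisions, gpg status messages
        flag, _level, signer, _name = sig.groups()
        if flag != "!":
            report["failed"].append((signer, STATUS[flag]))
        elif signer == report["key"]:
            report["self_good"] += 1  # self-signature: binds the uid, no outside trust
        else:
            report["third_party_good"].add(signer)  # independent certification
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Signatures whose issuer key is absent from the keyring do not appear as `sig` lines in this layout; gpg only counts them in the trailing "not checked due to missing keys" message, so they are outside what this helper sees.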


