[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security keys

tom arnall:
> W: GPG error: http://www.debian-multimedia.org etch Release: The following 
> signatures couldn't be verified because the public key is not available: 
> NO_PUBKEY 07DC563D1F41B907
> W: You may want to run apt-get update to correct these problems

These messages are not very helpful. What they should say is:

The integrity of the archive <http://www.debian-multimedia.org> cannot
be verified because apt is missing the public key 07DC563D1F41B907.

This means that apt cannot tell whether an unauthorized person has
tampered with the packages in this archive. They may contain malicious
code that the archive administrator didn't intend to distribute.

If you want apt to be able to check this archive's integrity, install
its public key using `apt-key`. That way you express your trust in the
archive administrators good intentions and apt will install packages
from archives signed with this key without any warnings.

The key you need may be available on the website belonging to the
archive you are using or on public PGP keyservers.

For further information, please see <http://wiki.debian.org/SecureApt>.

> kloro@debian:/etc/apt$
> i looked around the web to solve this second problem and found stuff about 
> debian keys but couldn't find the actual key to solve the problem.

Apparently, you didn't search at the archive's website. :)

In idle moments I remember former lovers with sentimental tenderness.
[Agree]   [Disagree]

Attachment: signature.asc
Description: Digital signature

Reply to: