Re: importing a
On Fri, Apr 25, 2008 at 14:27:57 -0400, Michael Habashy wrote:
> does anyone know how to Import the archive signing key from :
>
> http://www.debian.org/volatile/etch-volatile.asc
wget http://www.debian.org/volatile/etch-volatile.asc
apt-key add etch-volatile.asc
(Only the second command needs root privileges.)
If you want to be serious about security then you should check Andreas
Barth's signature on the etch-volatile key, using Barth's public key
that is contained in the debian-keyring package:
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --keyring /etc/apt/trusted.gpg --check-sigs Debian-Volatile
(You have to run this command as root because apt's trusted keyring
/etc/apt/trusted.gpg is not readable by anybody else by default.)
The idea is that the debian-keyring package is vouched for by the normal
Debian archive signing key (which you trust already), so it is
reasonable to extend your trust to the etch-volatile key if Barth's
signature checks out. You have to look for this line in the output of
the gpg command:
sig! EC36A185 2007-03-31 Andreas Barth (Debian Key) <aba AT debian DOT org>
The "!" means that the signature could be verified.
--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
Reply to:
- References:
- importing a
- From: "Michael Habashy" <mjh2000@gmail.com>