Re: backports keyring
On Sun, Feb 15, 2009 at 19:07:23 -0600, Boyd Stephen Smith Jr. wrote:
> On Sunday 15 February 2009 18:46:42 Robert Holtzman wrote:
> > Tried "apt-get install debian-backports-keyring" and got the message
> >
> > WARNING: The following packages cannot be authenticated!
> > debian-backports-keyring
> > Install these packages without verification [y/N]?
> > E: Some packages could not be authenticated
> >
> > I terminated at that point. Can anyone tell me what the problem is (yeah,
> > I know, the problem is it can't be authenticated. Now that we have that
> > out of the way.....) and if there is a solution?
>
> All the signatures that are used to verify the all backports.org repositories
> are generated based on the key in that package, including the files that would
> authenticate that package.
>
> It's a chicken<->egg problem. The backports.org site has alternate
> instructions involving direct application of gpg/apt-key to get you the
> correct key before you install any package.
I think the gpg method is preferable, because it allows you to check the
key before you add it to the trusted keyring of apt. The backports
archive key has a signature from Jörg Jaspert; you can confirm the
authenticity of this signature using Jörg's public key in
/usr/share/keyrings/debian-keyring.gpg (part of the debian-keyring
package and therefore authenticated by the normal Debian archive signing
mechanism.)
--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
Reply to: