Re: Which keyserver to use for debian?
>>>>> Kent West <westk@acu.edu> writes:
> I'm getting the "public key is not available" type error on trying to
> upgrade my box from lenny to squeeze.
Could you please provide the whole error message?
Also, what's the output of the following commands:
$ dpkg -l debian-archive-keyring
$ gpg --primary-keyring=/usr/share/keyrings/debian-archive-keyring.gpg \
-k 55BE302B
Please note that (as per [1]), the latest version of the
debian-archive-keyring package in Debian Lenny is
2010.08.28~lenny1. I guess that upgrading it may result in the
issue going away.
[1] http://packages.debian.org/lenny/debian-archive-keyring
[…]
> gpg --keyserver subkeys.pgp.net --recv-keys 55BE302B
[…]
> So, how do I know subkeys.pgp.net is a safe keyserver?
The short answer is: you don't. Moreover, you cannot even be
sure that the command above talks to that server, as the
administrators of the DNS server you use may have spoofed that
FQDN. Or, a fellow on the same LAN may have spoofed the DNS
server's reply. Or, the administrator of the router (as per the
“gateway” parameter in the interfaces(5)) may have redirected
the traffic going to the respective IP(s) to go to his or her
own keyserver. And so on.
That's the whole purpose of public key cryptography here: once
the trusted key for the archive is known (and it gets known to
the system duiring the installation), one can safely install the
packages signed by that key, /including/ the package that
contains the trusted keys themselves.
> Or is there an official keyserver for debian users?
--
FSF associate member #7257 Coming soon: Software Freedom Day
http://mail.sf-day.org/lists/listinfo/ planning-ru (ru), sfd-discuss (en)
Reply to: