[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt - missing trustedkeys.gpg to verify source package

Alois Mahdal wrote:
> Sven Joachim wrote:
> > > when downloading source packages, I see error regarding
> > > trustedkeys.gpg:

Ignore the message about .gnupg/trustedkeys.gpg.  It is a distraction
from the real problem.

> > Install the debian-keyring package.
> Thanks, worked!  APT does not complain with the same...

Yes.  The answer is the debian-keyring package.

> Oh, so APT uses different key(ring) to verify sources than to
> verify .deb packages?  I find it quite confusing as well as the
> fact that while keys for .deb are present by default, keys for
> src are not... (Correct me if I'm wrong).

I am sure the reasoning is size.  Look at the size difference between
the two keyrings.

  $ apt-cache show debian-archive-keyring |grep Size:
  Installed-Size: 72
  Size: 26218
  $ apt-cache show debian-keyring | grep Size:
  Installed-Size: 34988
  Size: 31071928

The archive is signed with the archive key and so is very small.  But
the source packages are signed with the key of the DD uploader and so
there are very many of them.  If you have a small system then you
might not have space for it.  And on a small embedded system you might
never need it.


Attachment: signature.asc
Description: Digital signature

Reply to: