Re: trusting repository keys (was: deb-multimedia repository)

To: debian-user@lists.debian.org
Subject: Re: trusting repository keys (was: deb-multimedia repository)
From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
Date: Wed, 21 Aug 2013 21:04:44 +0200
Message-id: <[🔎] 1377111884.709.16.camel@archlinux>
In-reply-to: <[🔎] 20130821145316.GG19648@well-adjusted.de>
References: <[🔎] 521492D8.4060203@mi.parisdescartes.fr> <[🔎] 20130821113819.GF19648@well-adjusted.de> <[🔎] 1377085425.1192.65.camel@archlinux> <[🔎] 20130821145316.GG19648@well-adjusted.de>

On Wed, 2013-08-21 at 16:53 +0200, Jochen Spieker wrote:
> Ralf Mardorf:
> No. Just because a keyserver happens to serve some key that does not
> mean the key is valid.

But if I upload a key it neither would have the same fingerprint, nor
fit to the packages. So I must upload a key and then hack the package to
do something evil. Sure, if the multimedia guys do something evil, than
no key will add security. The key only should ensure that the package is
a package from multimedia.

Reply to:

Follow-Ups:
- Re: trusting repository keys (was: deb-multimedia repository)
  - From: Jochen Spieker <ml@well-adjusted.de>

References:
- deb-multimedia repository
  - From: François Patte <francois.patte@mi.parisdescartes.fr>
- Re: deb-multimedia repository
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: deb-multimedia repository
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- trusting repository keys (was: deb-multimedia repository)
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: What if I choose install text-based mode than X?
Next by Date: apt autoremove
Previous by thread: trusting repository keys (was: deb-multimedia repository)
Next by thread: Re: trusting repository keys (was: deb-multimedia repository)
Index(es):
- Date
- Thread