On 23/08/17 19:34, Dan Norton wrote: > I'm all for that, but unfortunately... > $ apt-cache show borgbackup | grep ^Homepage > E: No packages found > > Before posting I searched for borg and because nothing turned up I tried > to install it another way. It's supposed to be a self-contained binary; > the simplicity is appealing, but it's gotta be the real thing (not > spoofed). “borgbackup” is in Debian 9. In Debian 8, borgbackup is available in backports. If you are using Debian 9 or higher, then you have a configuration problem because the package *is* there. >> After you have followed this procedure to obtain a fingerprint of the >> borg developer that signs the release, fetch the key with the following >> command (substitute FINGERPRINT with the actual fingerprint. You need >> not delete the spaces in the fingerprint, but do not delete the single >> quotation marks in the command): >> >> gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key >> 'FINGERPRINT' > How do we know about 'hkps://hkps.pool.sks-keyservers.net'? I tried the > command... pool.sks-keyservers.net is a pool of servers of OpenPGP keys (OpenPGP is the format of keys and so on. GNU PG is the name of the program). Refer to <https://sks-keyservers.net/> for more information. Note that unlike fingerprints, the key server is not a security-critical component. All it does is to serve the *requested* key to GNU PG. If it served a key that was not the one requested, GNU PG would detect it. Though maybe denial of service attacks are possible by a malicious server, this is not something that should worry you too much. Always specify the full fingerprint when fetching keys. If you specify one of the shorter IDs (like “3003BEC50642D919” or “0642D919”) , the server could in principle generate a different key with the same ID and give that to you instead. > $ gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key '<the > key>' > gpg: requesting key FAF7B393 from hkps server hkps.pool.sks-keyservers.net > gpgkeys: HTTP fetch error 1: unsupported protocol > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 I am not sure, but I think you are using a very old version of GNU PG that does not have support for HTTPS (HKPS is a protocol over HTTPS). The default version in Debian 9 (2.1.18) supports HKPS. But well, you can use plain HKP too: gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint 'FINGERPRINT' Make sure to use the whole fingerprint. It is a string of 40 hexadecimal digits, optionally interleaved with spaces, like this: E053 A25B CC30 2BBB 2DAD EC03 3003 BEC5 0642 D919 ----- When you reply in mailing list, please delete the parts of the quote that is no longer relevant. Otherwise most of your message is quotation and the conversation becomes hard to read. Regards. -- Do not eat animals, respect them as you respect people. https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
Attachment:
signature.asc
Description: OpenPGP digital signature