Bug#203741: apt sigcheck patches
On Thu, Aug 21, 2003 at 03:21:37PM -0400, Colin Walters wrote:
> On Thu, 2003-08-21 at 14:37, Anthony Towns wrote:
>
> > So, why don't we just give them a script?
>
> In other words: why don't we make everyone use only secure sources?
>
> Maybe if this functionality was added to apt-ftparchive or something, I
> would be OK with it. Even then though it's going to be a pain for a lot
> of people to change all their apt source generating scripts, and for all
> the users of these various archives to add the keys to their
> trusted.gpg.
apt-ftparchive would definitely be the place for it.
Key management is, of course, the bane of all cryptosystems, but I think
that with a few simple tools it could become relatively painless. A single
command could download the key and import it into the keyring.
--
- mdz
Reply to: