[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#203741: apt sigcheck patches



On Thu, Aug 21, 2003 at 03:21:37PM -0400, Colin Walters wrote:

> On Thu, 2003-08-21 at 14:37, Anthony Towns wrote:
> 
> > So, why don't we just give them a script? 
> 
> In other words: why don't we make everyone use only secure sources?
> 
> Maybe if this functionality was added to apt-ftparchive or something, I
> would be OK with it.  Even then though it's going to be a pain for a lot
> of people to change all their apt source generating scripts, and for all
> the users of these various archives to add the keys to their
> trusted.gpg.

apt-ftparchive would definitely be the place for it.

Key management is, of course, the bane of all cryptosystems, but I think
that with a few simple tools it could become relatively painless.  A single
command could download the key and import it into the keyring.

-- 
 - mdz



Reply to: