[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#389646: apt should try to import a key if a package was signed by a unknown key

> > It'll reduce the security of machine since won't make difference if
> > the key is or not know before you upgrade or install a package.
>
> Agreed; an idea might be to import the key to some "untrusted" keyring,
> and allow the user to add it to the "trusted" list after giving some
> stern lecture why you shouldn't trust anyone.
>

APT already continue with the install/upgrade if the user answer "Yes" to the 
warning question.

The new feature I want is to make possible the fact that apt can, /with/ the 
user confirmation, import the key the package is signed with:

WARNING: The key 0BDCEXXXXXXXXXXXX is not known: Install anyway? Yes/[No]:
Yes

WARNING: Do you want APT import the key to your keyring now? Yes/[No]:
Yes

TIA!



Regards,

Rober Morales-Chaparro
Reply to: