[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#389646: apt should try to import a key if a package was signed by a unknown key

tag 389646 + wontfix
thanks

Rober Morales-Chaparro <rober.morales@gmail.com> writes:

> Package: apt
> Version: 0.6.45
> Severity: minor
>
>     Instead of showing a warning message when apt does not know the key, apt
> cat try to execute (with or without the user confirmation?):
>
> #!/bin/bash
> KEY=$1
>
> gpg --keyserver subkeys.pgp.net --recv $KEY
> gpg --export --armor $KEY | apt-key add -

It'll reduce the security of machine since won't make difference if
the key is or not know before you upgrade or install a package.

IMO that makes APT security feature useless hence, wontfix.

-- 
        O T A V I O    S A L V A D O R
---------------------------------------------
 E-mail: otavio@debian.org      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
"Microsoft gives you Windows ... Linux gives
 you the whole house."
Reply to: