Bug#389646: apt should try to import a key if a package was signed by a unknown key
tag 389646 + wontfix
thanks
Rober Morales-Chaparro <rober.morales@gmail.com> writes:
> Package: apt
> Version: 0.6.45
> Severity: minor
>
> Instead of showing a warning message when apt does not know the key, apt
> cat try to execute (with or without the user confirmation?):
>
> #!/bin/bash
> KEY=$1
>
> gpg --keyserver subkeys.pgp.net --recv $KEY
> gpg --export --armor $KEY | apt-key add -
It'll reduce the security of machine since won't make difference if
the key is or not know before you upgrade or install a package.
IMO that makes APT security feature useless hence, wontfix.
--
O T A V I O S A L V A D O R
---------------------------------------------
E-mail: otavio@debian.org UIN: 5906116
GNU/Linux User: 239058 GPG ID: 49A5F855
Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
"Microsoft gives you Windows ... Linux gives
you the whole house."
Reply to: