Bug#389646: apt should try to import a key if a package was signed by a unknown key

To: Otavio Salvador <otavio@debian.org>, 389646@bugs.debian.org
Cc: Rober Morales-Chaparro <rober.morales@gmail.com>
Subject: Bug#389646: apt should try to import a key if a package was signed by a unknown key
From: Simon Richter <Simon.Richter@hogyros.de>
Date: Wed, 27 Sep 2006 18:55:01 +0200
Message-id: <[🔎] 451AACE5.1040406@hogyros.de>
Reply-to: Simon Richter <Simon.Richter@hogyros.de>, 389646@bugs.debian.org
In-reply-to: <[🔎] 87ac4mcl0c.fsf@neumann.lab.ossystems.com.br>
References: <[🔎] 20060926215211.16136.877.reportbug@romeo.micasa.net> <[🔎] 87ac4mcl0c.fsf@neumann.lab.ossystems.com.br>

Otavio,

> It'll reduce the security of machine since won't make difference if
> the key is or not know before you upgrade or install a package.

Agreed; an idea might be to import the key to some "untrusted" keyring,
and allow the user to add it to the "trusted" list after giving some
stern lecture why you shouldn't trust anyone.

   Simon

Reply to:

Follow-Ups:
- Bug#389646: apt should try to import a key if a package was signed by a unknown key
  - From: Rober Morales <rober.morales@gmail.com>

References:
- Bug#389646: apt should try to import a key if a package was signed by a unknown key
  - From: Rober Morales-Chaparro <rober.morales@gmail.com>
- Bug#389646: apt should try to import a key if a package was signed by a unknown key
  - From: Otavio Salvador <otavio@debian.org>

Prev by Date: Bug#389725: [INTL:eu] apt basque translation update
Next by Date: Bug#389725: [INTL:eu] apt basque translation update
Previous by thread: Processed: Re: Bug#389646: apt should try to import a key if a package was signed by a unknown key
Next by thread: Bug#389646: apt should try to import a key if a package was signed by a unknown key
Index(es):
- Date
- Thread