Re: Bug#664654: apt-offline: gpg signature verification is failing

To: APT Development Team <deity@lists.debian.org>
Cc: 664654@bugs.debian.org
Subject: Re: Bug#664654: apt-offline: gpg signature verification is failing
From: Ritesh Raj Sarraf <rrs@debian.org>
Date: Thu, 29 Mar 2012 22:12:17 +0530
Message-id: <[🔎] 4F7490E9.7070407@debian.org>
Reply-to: rrs@debian.org
In-reply-to: <[🔎] 4F746B99.2060406@debian.org>
References: <20120319155841.28958.14876.reportbug@champaran.researchut.com> <[🔎] 4F746B99.2060406@debian.org>

On Thursday 29 March 2012 07:33 PM, Ritesh Raj Sarraf wrote:

Somewhere down during the development, apt has changed the way it verifies the gpg signatures.

For apt-offline, up till now, I had been using the Release.gpg files. Could someone explain what the new approach is? Or if it is documented, I can try that.
I see no Release.gpg files in apt/lists/partial/ anymore.

I've looked at http://wiki.debian.org/SecureApt but didn't find any new information.

Further investigation shows that `apt-get --print-uris` no more prints urls for the Release file. Now, there's a newer file, InRelease.
I checked the web archives and Release{.gpg} files are still present. Is there any documentation on how do I interpret InRelease files?

Please CC me in replies. I am not subscribed to this list.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Re: Bug#664654: apt-offline: gpg signature verification is failing
  - From: Ritesh Raj Sarraf <rrs@debian.org>

Prev by Date: Re: Bug#664654: apt-offline: gpg signature verification is failing
Next by Date: Compliments! Did you receive my last email
Previous by thread: Re: Bug#664654: apt-offline: gpg signature verification is failing
Next by thread: Compliments! Did you receive my last email
Index(es):
- Date
- Thread