Hosting Provided By

Re: backports

From: Chris Lale <chrislale(at)untrammelled.co.uk>
Date: Sun Jun 24 2007 - 03:54:05 EDT

Florian Kulzer wrote:
[...]
>
> An even better approach would be to download the Backports.org Archive
> Key manually and to check the signature before adding the new key to
> apt's keyring. (Installing the debian-backports-keyring package directly
> means that an unverified post-installation script has root on your
> computer, therefore you cannot really trust anything after that,
> including the keys on the Debian keyring.)
>
> P.S. The same goes for the debian-multimedia-keyring package.
>

Yes, Florian, you must be right! I wonder why they offer the keyring package? The instructions page [1] does give instructions about how to install the key - and no mention of the debian-backports-keyring package:

... you can import backports.org archiveâ€™s key into apt:

	gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
	gpg --export | apt-key add -

	or

	wget -O - 
http://backports.org/debian/archive.key | apt-key add -

No mention of how to check it though. Can you check the sig before installing the key?

[1] http://backports.org/dokuwiki/doku.php?id=instructions

-- 
Chris.


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Sun Jun 24 03:54:27 2007

This message: [ Message body ]
Next message: Chris Lale: "Re: how to install ntfs-3g from etch-backports"
Previous message: Thomas Hoppeer: "Re: my DVD is'nt recognized or automounted but k3b detects it perfectly"
In reply to: Florian Kulzer: "Re: backports"
Next in thread: Florian Kulzer: "Re: backports"
Reply: Florian Kulzer: "Re: backports"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Jun 24 2007 - 04:00:02 EDT