Bug#389646: apt should try to import a key if a package was signed by a unknown key

Otavio Salvador Tue, 26 Sep 2006 16:26:42 -0700

tag 389646 + wontfix
thanks

Rober Morales-Chaparro <[EMAIL PROTECTED]> writes:


> Package: apt
> Version: 0.6.45
> Severity: minor
>
>     Instead of showing a warning message when apt does not know the key, apt
> cat try to execute (with or without the user confirmation?):
>
> #!/bin/bash
> KEY=$1
>
> gpg --keyserver subkeys.pgp.net --recv $KEY
> gpg --export --armor $KEY | apt-key add -

It'll reduce the security of machine since won't make difference if
the key is or not know before you upgrade or install a package.

IMO that makes APT security feature useless hence, wontfix.

-- 
        O T A V I O    S A L V A D O R
---------------------------------------------
 E-mail: [EMAIL PROTECTED]      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
"Microsoft gives you Windows ... Linux gives
 you the whole house."


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#389646: apt should try to import a key if a package was signed by a unknown key

Reply via email to