Julien Cristau ha scritto: > On Wed, Nov 22, 2006 at 14:53:38 +0100, A Mennucc wrote: > >> that package is only 2 days old and did not transition to etch yet >> >> so it is too early to start signing etch archives with it .... >> >> and it empties the whole idea : to restore my trust path , I >> will have to manually download that package and install it >> > no, because the Release file is still signed with the 2006 key, which is > in apt's keyring already.
you are right on that : I can check that at least one key is verifying OK but gpgv returns an error for that; so debmirror does not run : look $ cd /var/lib/apt/lists $ for i in *unstable*Release ; do echo =========== $i ; \ gpg --verify $i.gpg $i && echo ==== OK ; done =========== ftp.debian.org_debian_dists_unstable_Release gpg: Signature made Wed Nov 22 00:19:30 2006 CET using DSA key ID 2D230C5F gpg: Good signature from "Debian Archive Automatic Signing Key (2006) <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0847 50FC 01A6 D388 A643 D869 0109 0831 2D23 0C5F gpg: Signature made Wed Nov 22 00:19:30 2006 CET using DSA key ID 6070D3A1 gpg: Can't check signature: public key not found as you see, no OK is printed. a. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
