On Fri, Apr 25, 2008 at 14:27:57 -0400, Michael Habashy wrote: > does anyone know how to Import the archive signing key from : > > http://www.debian.org/volatile/etch-volatile.asc
wget http://www.debian.org/volatile/etch-volatile.asc apt-key add etch-volatile.asc (Only the second command needs root privileges.) If you want to be serious about security then you should check Andreas Barth's signature on the etch-volatile key, using Barth's public key that is contained in the debian-keyring package: gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --keyring /etc/apt/trusted.gpg --check-sigs Debian-Volatile (You have to run this command as root because apt's trusted keyring /etc/apt/trusted.gpg is not readable by anybody else by default.) The idea is that the debian-keyring package is vouched for by the normal Debian archive signing key (which you trust already), so it is reasonable to extend your trust to the etch-volatile key if Barth's signature checks out. You have to look for this line in the output of the gpg command: sig! EC36A185 2007-03-31 Andreas Barth (Debian Key) <aba AT debian DOT org> The "!" means that the signature could be verified. -- Regards, | http://users.icfo.es/Florian.Kulzer Florian | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
