On Tuesday 21 November 2006 23:52, Kurt Roeckx wrote:
> On Tue, Nov 21, 2006 at 04:50:29PM -0600, Peter Samuelson wrote:
> > [Martin Zobel-Helas]
> >
> > > gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 |
> > > apt-key add -)
> >
> > Uh, don't forget the part about verifying that the key is actually
> > signed by the ftpmasters. Skipping that step pretty much defeats the
> > entire point.
> >
> >   gpg --list-sigs A70DAF536070D3A1
>
> Try gpg --check-sigs A70DAF536070D3A1 instead.

Or even better:

# gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs A70DAF536070D3A1

I just assume that receiving the keys via the debian-keyring package is
more trustworthy than via a random public server.

In the default configuration, it gives me:

# gpg --check-sigs A70DAF536070D3A1
pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid                  Debian Archive Automatic Signing Key (4.0/etch) <[EMAIL PROTECTED]>
sig!3        6070D3A1 2006-11-20  Debian Archive Automatic Signing Key (4.0/etch) <[EMAIL PROTECTED]>

2 signatures not checked due to missing keys

HS
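
Added example, not part of the original thread: in the output above only the key's own self-signature verifies, which says nothing about who vouches for it. The sketch below reads gpg's machine-readable `--with-colons --check-sigs` output and counts verified signatures made by other keys; the function names, the signer key IDs 1111... and 2222..., the timestamps and the e-mail placeholder are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: output of `gpg --with-colons --check-sigs KEYID`.
# Colon format: field 1 = record type; for "sig" records field 2 is the
# check result (! good, - bad, ? signer key missing); field 5 is the long
# key ID (the key itself on "pub", the signer on "sig").
# Prints how many verified signatures on KEYID come from other keys.
count_third_party_sigs() {
    awk -F: -v target="$1" '
        $1 == "pub" { in_key = (toupper($5) == toupper(target)) }
        in_key && $1 == "sig" && substr($2, 1, 1) == "!" && toupper($5) != toupper(target) { good++ }
        END { print good + 0 }
    '
}

# Succeeds only if some key other than KEYID itself has a verified signature on it.
key_is_vouched() {
    [ "$(count_third_party_sigs "$1")" -gt 0 ]
}

# Constructed sample mirroring the thread: self-signature good, two
# signatures unverifiable because the signer keys are missing.
sample_self_only() {
    cat <<'EOF'
pub:-:1024:17:A70DAF536070D3A1:1163980800:1246406400::-:::scSC:
uid:-::::1163980800::::Debian Archive Automatic Signing Key (4.0/etch) <key@example.invalid>:
sig:!::17:A70DAF536070D3A1:1163980800::::Debian Archive Automatic Signing Key (4.0/etch) <key@example.invalid>:13x:
sig:?::17:1111111111111111:1163980800::::[User ID not found]:10x:
sig:?::17:2222222222222222:1163980800::::[User ID not found]:10x:
EOF
}

# Constructed sample: the same key once signer 1111... is in the keyring
# and its signature checks out.
sample_vouched() {
    sample_self_only | sed 's/^sig:?::17:1111111111111111/sig:!::17:1111111111111111/'
}

# Real use (gate the import on the check):
#   gpg --keyring /usr/share/keyrings/debian-keyring.gpg --with-colons \
#       --check-sigs A70DAF536070D3A1 | key_is_vouched A70DAF536070D3A1 \
#     && gpg --export -a A70DAF536070D3A1 | apt-key add -
```

The check counts any verified signer, so it is only meaningful when the keyrings gpg consults hold keys you already trust, such as those shipped in the debian-keyring package.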

