As an example, 3.0r2 did not install on my system before I reconfigured trust in the archives. This worked as intended, although that may not be immediately obvious.
Where did you get the new key? How did you verify it? Are you aware of how the archives are signed? Are you aware of how the packages are built? The signature mechanism will protect against a compromised mirror but not against a compromised archive. As it turns out that doesn't appear to ahve happened, but the apt-secure method is insufficient to demonstrate that.
Mike Stone
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
