Bill Wohler wrote: > You may get the following error message and not know what it means: > > W: Couldn't stat source package list http://secure-testing.debian.net > etch/security-updates/main Packages > > (/var/lib/apt/lists/secure-testing.debian.net_debian-secure-testing_dists_etch_security-updates_main_binary-i386_Packages) > - stat (2 No such file or directory) > ... > W: You may want to update the package lists to correct these missing files > W: GPG error: http://secure-testing.debian.net etch/security-updates > Release: The following signatures couldn't be verified because the > public key is not available: NO_PUBKEY 946AA6E18722E71E > W: You may want to update the package lists to correct these missing files > > I didn't, but fortunately, I stumbled on an unrelated README this > morning and learned what was missing: apt-key.
It's not likely that users of testing will run into this since the relevant version of apt has not reached testing yet. With that said, I strongly encourage everyone to install the new secure version of apt from unstable if you can, as it's an important enhancement to the overall security of a debian system. > Since the use of apt-key is something that users do rarely if at all, > a reminder of what to do with that information would be welcome. And > that is: > > 1. Save the above key into a file, say, /tmp/debian.key. > > 2. Load the key with: > > sudo apt-key add /tmp/debian.key Actually step 0 is to carefully validate the origin of the key and make sure you can verify it came from someone you trust. -- see shy jo
signature.asc
Description: Digital signature
