On Sun, Feb 15, 2009 at 19:07:23 -0600, Boyd Stephen Smith Jr. wrote: > On Sunday 15 February 2009 18:46:42 Robert Holtzman wrote: > > Tried "apt-get install debian-backports-keyring" and got the message > > > > WARNING: The following packages cannot be authenticated! > > debian-backports-keyring > > Install these packages without verification [y/N]? > > E: Some packages could not be authenticated > > > > I terminated at that point. Can anyone tell me what the problem is (yeah, > > I know, the problem is it can't be authenticated. Now that we have that > > out of the way.....) and if there is a solution? > > All the signatures that are used to verify the all backports.org repositories > are generated based on the key in that package, including the files that > would > authenticate that package. > > It's a chicken<->egg problem. The backports.org site has alternate > instructions involving direct application of gpg/apt-key to get you the > correct key before you install any package.
I think the gpg method is preferable, because it allows you to check the key before you add it to the trusted keyring of apt. The backports archive key has a signature from Jörg Jaspert; you can confirm the authenticity of this signature using Jörg's public key in /usr/share/keyrings/debian-keyring.gpg (part of the debian-keyring package and therefore authenticated by the normal Debian archive signing mechanism.) -- Regards, | http://users.icfo.es/Florian.Kulzer Florian | -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
