On Thu, Apr 22, 2010 at 00:57:49 +0200, Clive McBarton wrote: > Florian Kulzer wrote: > > On Tue, Apr 20, 2010 at 07:08:23 -0500, John Hasler wrote: > >> Clive McBarton writes: > >>> The debian-multimedia-keyring is not restricted by patents or any > >>> other licence issues. I understand why the other d-m packages are not > >>> in debian, but the keyring (and just the keyring) should be in debian. > >> Debian-multimedia is not part of Debian, > > > > The archive signing key of debian-multimedia is nevertheless in Debian > > already: Christian Marillat uses his developer key to sign his Release > > files, so anyone who cares about security can take this key from the > > (authenticated) debian-keyring package and feed it to apt-key before > > installing any packages from debian-multimedia. > > > > Great! Thanks! Just what I was looking for. > > What would be the simplest command to achieve this key extraction and > insertion? In my case, his key is already on my keyring, so I have some > difficulty testing any command that I'd think up myself.
See here: http://lists.debian.org/debian-user/2006/11/msg03224.html You cannot use this method for other unofficial archives, but often you can at least verify a developer's signature on the archive key that you had to download from the web. Here is an example: http://lists.debian.org/debian-user/2008/04/msg02428.html Ideally the verification should take place before the key is added to the keyring of apt, of course. -- Regards, | Florian | -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100422063332.ga24...@bavaria.univ-lyon1.fr
