[ANNOUNCE] using secure apt with the testing security archive

From: Joey Hess (joeyh_at_debian.org)
Date: 11/01/05

  • Next message: kamaraju kusumanchi: "Re: 2.6.14 image will not install"
    Date: Tue, 1 Nov 2005 14:26:17 -0500
    To: secure-testing-announce@lists.alioth.debian.org
    
    
    

    --------------------------------------------------------------------------
    Debian Testing Security Annoucement November 1st, 2005
    secure-testing-team@lists.alioth.debian.org Joey Hess
    http://secure-testing-master.debian.net/
    --------------------------------------------------------------------------

    A new version of apt, 0.6.42 has reached Debian testing. This new apt
    supports verifying signed apt repositories, adding an important layer of
    security to Debian upgrades by preventing installation of forged packages.
    The details are explained in the apt-secure(8) man page.

    To use this new feature, first make sure you have gnupg installed, and
    upgrade to apt 0.6.42. The signature checking is enabled by default, and
    apt will warn if it cannot verify a repository's signature. By default apt
    comes preconfigured to trust only the official Debian archive signing key
    used in the official Debian repository. To make apt also trust the key used
    by the Debian testing security archive, run the following command as root:

    wget http://secure-testing.debian.net/ziyi-2005-7.asc -O - | sudo apt-key add -

    A copy of the key is also included below, and can be fed into apt-key
    by hand if you prefer (perhaps after checking the gnupg signature of this
    announcement).

    Once you have successfuly added the key, the command "apt-key list" will
    include the following in its output:

    pub 1024D/8722E71E 2005-08-24 [expires: 2008-01-31]
    uid secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net>
    sub 2048g/A04E64FA 2005-08-24 [expires: 2008-01-31]

    Note that an updated set of repository signing keys are planned to be
    provided in Jaunury of each year.

    If you have not already done so, you will also need the following lines in
    your /etc/apt/sources.list to use the Debian testing security archive:

    deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free
    deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free

    For further information about the Debian testing security team, please refer
    to http://secure-testing-master.debian.net/

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.1 (GNU/Linux)

    mQGiBEMM7wgRBACs/rcYtu++PqBV5t6qTf9FsjJYZV4OUoQmtK849PdHUoVONh/b
    yz0vmP4QPCJXraFYiiiaur8WLcOphwY3DFaz0quozxl3pZfJjN27qDdTTDUKk1Kq
    zFQYTsDaXjSh0nRGW3gFmbyIqTL8sVGOAAz2KbrtLEQE11qYZjzvylEf4wCgv6ss
    HgQ7AcSBjpvm72e9PvSuDhMD/1kV0Snq9ilvCv7QLHBo/JnNgiCwxh5nEnPWHYjo
    SB0I99nuFMAzooAXTQhU3Hx1/sdZ3SMk1hWwZCPI0iNqESH2a3ib0YZt0DycWa3Y
    KxXIJet92u3ApSMVbp6OzzL7REoNCAgg6F/lrl+lVtnHbKiKBMZlKMsp+kQLSXqr
    Ki0pA/wIkkp7mJ7IiVS0fy9gueuiLqJKR6+i092J0RXsQesQX4OTC2DY3IICB22Q
    HfE8WNVZ2iPuWK0ymg6GqAHplp7bfVZMzfMSTMc+hj9WnmEVRRjLH66tsq1XHGEQ
    qg/mbkmeXwUwxAT1WGClcRWJqODmWE7KhkjKwGklYgzBoxwqkLRDc2VjdXJlLXRl
    c3RpbmcgQXJjaGl2ZSBLZXkgMjAwNS03IDxrYXRpZUBzZWN1cmUtdGVzdGluZy5k
    ZWJpYW4ubmV0PohkBBMRAgAkBQJDDO8IAhsDBQkElVcABgsJCAcDAgMVAgMDFgIB
    Ah4BAheAAAoJEJRqpuGHIucecvgAoK3nnF0yEwpNeQASyerh4wxRblZzAJ9h8rEF
    YldbZt/zYA53k2/y2m+s7IhMBBARAgAMBQJDD1fzBYMEku4VAAoJEJnTmaHsNqGF
    YwoAn2uV3WnU5lUUFxhyGEr8NI2Ibrj9AJ43inHJsgrlmy5Ed4bsF8z15PhflrkC
    DQRDDO8gEAgAm1Y/a//sVe6fEANvLc5M5pEsoRkPLNKcH1O/og2mID8/gBV99LRf
    RnjcV8xhF5cWIlb4Es3KvQxmvxo6zGEfsMJWoezqH+2agIra78dfb0B1AyHuvwSR
    Mc9sVy+3CuegM8bD3ss+4ta3rNLChpVrE8DxJZumecqkNSQVOkqeAOl2JIQ/xBkL
    g1hjQA8bXW5AiUu4/XAQAe04w7YNfdsApeCfpKEWAtg54CD9uRbfSwnd2uYHYcos
    mBMhryNrHy27RkyS0BFWaL/1gfBqua7VujcnCm6SnbhB4t3vk/AnEsPJixtW/tOC
    3a3BaPqGsTq848e/PzmWY/8y9mvXwbxq5wADBQgAgNtB3u8TCN2Z4wkKrg19Lohi
    vQzJCXFfRi2ZydOe9E3SbSi6ggthjvGhHv2lTHEue/4wBOta3a9pUpVdMgRFL1Uu
    Jy3nPd1yPC0dOegJj+lMkeMGcdKolJUMdoA+ieZ2lwkrT1b5GdFBSRn8hsuRtZi6
    9QtzoHzDR5lg9ynwTJ+mLlO8r83HmdxbXsnmGlxyZWRoqiSIl7mRLHp2tuFw9chg
    J1nqwewTmCj85Aj/YsbGmqOJcnp98Jk0GDiP/le4rktZAqG2blwVpC2DLLiQSqcY
    S5jjq/iiGnYEIVG+nPa/29OuoX40zwKqBcy5I8rJZIq2hzbazsyg2Sd3vhmZuohP
    BBgRAgAPBQJDDO8gAhsMBQkElVcAAAoJEJRqpuGHIuceRqUAn3Q8msRUTsp882QI
    NWyy5fqTehb5AJ9+kz3xq+7ooAwkdgpNOiz7ogxpQg==
    =bWpz
    -----END PGP PUBLIC KEY BLOCK-----

    -- 
    see shy jo
    
    

    -- 
    To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
    


  • Next message: kamaraju kusumanchi: "Re: 2.6.14 image will not install"