[buug] debian package signing
Ian Zimmerman
itz at madbat.mine.nu
Sat Jul 28 14:51:07 PDT 2007
Hi, I have several personal debs that I keep on a server and include in
my apt sources (using a line like
deb ssh://foo.bar.com /var/local/debian/
in my sources.list file). However, each time I update one of them and
proceed to install the update with aptitude, I get the big fat red
warning "untrusted versions of the packages will be installed". This
happens despite the following facts:
1/ when I build the package, I use "dpkg-buildpackage -k0123ABCD"
to include a gpg signature
2/ I have added the key 0123ABCD to my apt trusted keys using
"apt-key add"
3/ this URL seems to indicate that the current dpkg supports per-package
signatures
http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html#s-deb-pack-sign
(you have to scroll down to subsection 7.4.5 to see what I am talking about)
So, can I avoid this nuisance other than setting up a full mirror-like
archive with Release files and all?
--
This line is completely ham.
More information about the buug
mailing list