|Anonymous | Login | Signup for a new account||2019-04-21 12:20 UTC|
|My View | View Issues | Change Log | Roadmap | Site Issue Support Ranking | Rules | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003602||Site||[All Projects] Documentation||public||2019-02-07 13:50||2019-02-11 14:37|
|Summary||0003602: debian.drdteam.org doesn't publish the key fingerprint to packages|
Quote from apt-key(8)
apt-secure(8) instructs to:
Quote from apt-secure(8)
|Steps To Reproduce||Visithttp://debian.drdteam.org/ [^] and see there's no fingerprint on that instruction page, only the key. (HTTPS scheme is available.)|
edited on: 2019-02-07 14:05
We don't have information anywhere else either, such as in Doomseeker's README instructions. I'd like to add it there.
Right now there's OpenPGP chain of trust, but that key I downloaded from debian.drdteam.org is also not signed by other parties (such as me, Zalewa or Pol M).
$ gpg --fingerprint 0x392203ABAF88540B pub rsa2048/0x392203ABAF88540B 2012-05-08 [SC] Key fingerprint = 0D8F 900A B77B B504 F2C6 9E7A 3922 03AB AF88 540B uid [ unknown] Braden Obrzut <firstname.lastname@example.org> sub rsa2048/0x5A3EE478F1967822 2012-05-08 [E] Key fingerprint = 08BF 77FB DD76 1544 E87B 6430 5A3E E478 F196 7822
I refreshed fromhkps://hkps.pool.sks-keyservers.net [^] keyserver too, no change.
|Also, no verification happens the downloaded key matches the "trusted" key. See related issue 0003601.|
|Not sure why you mentioned names on the "other parties" thing since I believe if following strict protocol you should not sign a key without meeting in person?|
You are right, Blzut3.
I think a good place to mention "Packages are signed with key XXXX XXXX ..." athttps://zandronum.com/download#instubuntu [^] would still be a nice improvement, rather than no information at all. Those two domains are hosted on different hosts.
|Only registered users can voice their support. Click here to register, or here to log in.|
|Supporters:||No one explicitly supports this issue yet.|
|Opponents:||No one explicitly opposes this issue yet.|
|2019-02-07 13:50||WubTheCaptain||New Issue|
|2019-02-07 13:53||WubTheCaptain||Note Added: 0020340|
|2019-02-07 13:56||WubTheCaptain||Note Added: 0020341|
|2019-02-07 14:05||WubTheCaptain||Note Edited: 0020340||View Revisions|
|2019-02-10 07:54||Blzut3||Note Added: 0020358|
|2019-02-11 14:37||WubTheCaptain||Note Added: 0020362|
Questions or other issues? Contact Us.
|Copyright © 2000 - 2019 MantisBT Team|