Re: [Fwd: [gNewSense-users] icecat authentication]

[Daniel Clark]

So I'm pretty sure almost no one actually uses the .deb signing
mechanism in practice on the installation end; in practice I think this
is done at the repository level; falcon makes doing this trivial, but
I'm sure it's possible using any of the many and various methods of
maintaining apt repositories.

You'll also need to get people to add your repo-signing ID; you can do
so either by getting them to accept a one-time install of a keyring
package (e.g. fsf-archive-keyring) that does this, or (more secure since
in theory they can look at their web of trust to your signing key) a
procedure like this, but in multiple explained steps, and preferably
getting the .gpg file from a trusted https: site:

wget -q http://apt.wicd.net/wicd.gpg -O- | sudo apt-key add -

Cheers,
-- 
Daniel JB Clark   | Sys Admin, Free Software Foundation
pobox.com/~dclark | http://www.fsf.org/about/staff#danny


Giuseppe Scrivano wrote:
> Hello,
> 
> the current IceCat .deb package is not signed, I'll add a signature next
> time I'll build it.
> I don't know if gNewSense is using a custom keyring, in this case mine
> can be added and avoid that every user will add it manually.
> 
> Giuseppe
> 
> 
> Sam Geeraerts <address@hidden> writes:
> 
>> Hi,
>>
>> The following was a question on the gnewsense-users mailing
>> list. Would it be a lot of trouble to add authentication to the repo?
>> Icecat is pretty popular with gNewSense users and it would be a shame
>> if unexperienced users were scared off by this message.
>>
>>
>> -------- Originele bericht --------
>> Onderwerp: [gNewSense-users] icecat authentication
>> Datum: Wed, 13 May 2009 00:53:21 +0400
>>
>> After this operation, 53.4MB of additional disk space will be used.
>> Do you want to continue [Y/n]? y
>> WARNING: The following packages cannot be authenticated!
>>   icecat
>>
>>
>> what should i do to get signatures and authenticate every update of icecat?

signature.asc
Description: OpenPGP digital signature