Web lists-archives.com

Re: Anyone know what this means when running aptitude update?




Frank <zuiderduin@xxxxxxx> wrote:
> Op 28-03-17 om 00:57 schreef Mark Fletcher:

>> Right, for the key issue, that has taken me right back to where I started:
>>
>> W: There is no public key available for the following key IDs:
>> 1397BC53640DB551

> Odd. If you do a web search with that number, you'll find a lot of posts 
> mentioning this issue and all of them point to the same fix: get 
> google's new key (file).

>> Possibly stupid question -- this is Jessie, does this mechanism of
>> dropping the files in trusted.gpg.d work properly in Jessie or is it
>> new?

> Good question. Sven said it worked. I can't confirm that. It may be 
> worth to try to import that key directly from a keyserver, like I 
> suggested in my first reply:

> sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 1397BC53640DB551

Do NOT *EVER* do this. Importing a key from the keyservers just because
apt says it does not know the ID is wrong. 

You might get MitM'ed right now (in this case we know this is the ID of
Googles key, but my argument still holds in general) and installing the
attackers forged pubkey is exactly what he would want.

Only ever install keys from trusted sources into your apt's trusted
keyring.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.