All About Secure Apt – Debian Planet

    All About Secure Apt
    Submitted by Eric Railine on Wednesday, January 11, 2006 – 11:38
    Debian Developer Joey Hess has produced a detailed explanation and how-to for secure apt in Debian.

    From the page:

    “Recently Debian’s unstable and testing branches have begun to use strong crypto to validate downloaded packages. This is commonly called “secure apt” and was implemented in version 0.6. Since the documentation is fairly slim on how this all works from an administrator’s point of view, this document will try to explain in detail how secure apt works and how to use it.”

    Category: News

    Subject: nice
    Author: zero
    Date: Wednesday, 2006/03/29 – 14:06
    nice to hear that.

    Tomas Hellix
    mp3 blog


    Subject: apt-proxy
    Author: Psiren
    Date: Wednesday, 2006/01/11 – 17:15
    I’m using apt-proxy both at work and at home, and I currently have apt complaining about untrusted sources. Has anyone been able to generate a key for their proxy setup? There appears to be nothing mentioning this in the article, apart from the “Setting up a secure apt repository” section which just has TODO! I’m not sure that this would help anyway, afaik apt-proxy isn’t a regular repository.


    Subject: apt-proxy & secure apt
    Author: undefined
    Date: Friday, 2006/01/13 – 17:27
    i’m using apt-proxy and not having problems any more. 😉

    last week apt started complaining about insecure packages due to an unknown gpg signing key. i did a quick google on the error message, realized that a new debian.org repository key was issued for 2006 (but as i’m running testing, it took a while for packages signed with the new key to propagate into testing), imported the new key (as detailed in the debian-user email thread google found based on my error message), and the error message immediately went away.

    realize that my problem had nothing to do with apt-proxy specifically, but as i use apt-proxy exclusively and have no other data points, i could have easily attributed it to such. try using an official repository directly and see if the problem persists (not an apt-proxy problem) or goes away (possibly an apt-proxy problem).

    and apt-proxy is no different than any other debian.org mirror (except that it mirrors packages “just-in-time”), and iirc secure apt is not based on the mirror, but on the release & content files within the mirror (which are the same for all debian.org repositories as they are mirrored same as the packages). so apt-proxy has no effect on secure apt usage.

    rant: what i dislike about secure apt is that the packages are only validated for as long as they are in the official repository (as the “security” comes from release and content files in the repository). so if i keep an old version of some package (because, for example, a newer version of the package introduced bugs, removed features, etc) and redistribute it, then there’s no “security” unless i create my own apt repository with a signing key, release file, contents file, etc. with rpm this isn’t an issue as the signature is self-contained within the package, so each package can be individually verified (without some metadata contained in an apt repository).

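    The point made in the comment above, that trust comes from the signed repository indices rather than from the mirror or proxy that served the bytes, shown as an added example (not code from the article, the commenters, or apt itself). It assumes the Release file's GPG signature has already been verified, uses SHA256 entries, and all function names, paths and file contents are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release_text: str) -> dict:
    """Map path -> (sha256, size) from the SHA256: section of a Release file."""
    found, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            found[path] = (digest, int(size))
        else:
            in_section = False
    return found

def packages_index(packages_text: str) -> dict:
    """Map Filename -> stanza fields from a Packages index."""
    stanzas = [dict(l.split(": ", 1) for l in s.splitlines())
               for s in packages_text.strip().split("\n\n")]
    return {s["Filename"]: s for s in stanzas}

def verify_deb(release_text, index_path, index_bytes, deb_path, deb_bytes) -> str:
    # Assumption: the GPG signature on release_text was already checked.
    digest, size = release_hashes(release_text).get(index_path, (None, None))
    if size != len(index_bytes) or digest != sha256(index_bytes):
        return "packages-index-mismatch"
    entry = packages_index(index_bytes.decode()).get(deb_path)
    if entry is None:
        return "not-in-index"  # e.g. an old version dropped from the archive
    if int(entry["Size"]) != len(deb_bytes) or entry["SHA256"] != sha256(deb_bytes):
        return "deb-mismatch"
    return "ok"

# Constructed sample data, not real archive contents.
INDEX_PATH = "main/binary-all/Packages"
NEW_PATH, OLD_PATH = "pool/main/h/hello/hello_2.0_all.deb", "pool/main/h/hello/hello_1.0_all.deb"
DEB_NEW, DEB_OLD = b"constructed hello 2.0 payload", b"constructed hello 1.0 payload"
PACKAGES = (f"Package: hello\nVersion: 2.0\nFilename: {NEW_PATH}\n"
            f"Size: {len(DEB_NEW)}\nSHA256: {sha256(DEB_NEW)}\n").encode()
RELEASE = (f"Origin: Example\nSuite: testing\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n")

if __name__ == "__main__":
    print(verify_deb(RELEASE, INDEX_PATH, PACKAGES, NEW_PATH, DEB_NEW))         # current package
    print(verify_deb(RELEASE, INDEX_PATH, PACKAGES, NEW_PATH, DEB_NEW + b"x"))  # altered in transit
    print(verify_deb(RELEASE, INDEX_PATH, PACKAGES, OLD_PATH, DEB_OLD))         # no longer indexed
```

    The third case is the limitation raised in the rant: once a version leaves the index, nothing in the signed metadata vouches for that file any more.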


    Subject: apt-proxy & secure apt
    Author: Psiren
    Date: Monday, 2006/01/16 – 22:30
    Thanks, seems you’re correct. I imported the new key and did an update (I’m running unstable) and it’s stopped complaining. The existing key wasn’t supposed to expire until the end of this month though. Oh well, it’s working now.


    Debian Planet is not officially related to the Debian Project.
    Debian and the Debian logo are trademarks of Software in the Public Interest, Inc.