On Aug 27, 2004, at 5:53 PM, Richard Bos wrote:
Op vrijdag 27 augustus 2004 23:35, schreef Steve Kratz:
You can
a) (probably safest is the apt source actually has a PGP key) look at /etc/apt/sources.list, visit each site, download the pgp key and import it into your gpg keyring... OR
b) add --no-checksig to the apt/apt-get command line. This will override the signature checking completely. While it's somewhat unlikely the Packman or ULB, etc., repositories would intentionally put 'bad' RPMs on their site, there's always that chance someone could tamper with something and you'd never know if the archive was changed...
Or; many public keys are now available via: apt install rpmkey-<apt component>
If that does not work use: 'apt search rpmkey' and see what there is in store.
Many keys have been collected at: http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/
So you can also point apt to the above url, like; apt install http://ftp.gwdg.de/pub/linux/misc/apt4rpm/rpmkeys/rpmkey-packman- rainer-0.1-0.pm.0.noarch.rpm (that is one line)
I did this and the system would not let me install it because the package was unsigned.