LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 04-20-2009, 06:29 PM   #1
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Angry Will you give me a KISS?


I'm really pissed off.It's time to admit some things here.
I know,it's Linux,it's GNU,it's Debian,or Gentoo or Arch etc.etc.but it doesn't have to be so f..... complicated sometimes.
Sometimes it doesn't have to be so stupid or hard or boring or time wasting.
Windblows isn't complicated,it just crashes.Most often when one don't want it to crash,but there's something charming about that.
This is not charming.
This is true,I never really had to deal with these gpg keys and importing and public and private stuff and why is key there if it's expired? Why?
Why is "key expires on..." mentioned only on the very bottom of the FAQ page ( it doesn't matter on what site ) with letters so small that you need a magnifier.
How do you disable gpg checking of a one single repo in Debian? How?
Should I learn something about nuclear fusion first before I...nevermind.
Why find can't find?

Is this simple?;

Quote:
There are 2 steps to validate a key:
1. First check that there is a complete chain of signed keys from the public key you want to use
and your key and verify each signature.
2. Make sure that you have full trust in the certificates of all the introduces between the public key holder and
you.
Step 2 is the more complicated part because there is no easy way for a computer to decide who is trustworthy and who is not.GnuPG leaves this decision to you and will ask you for a trust value (here also referenced as the owner-trust of a key) for every key needed to check the chain of certificates.You may choose from:

a) "I don't know" - then it is not possible to use any of the chains of certificates, in which this key is used as an introducer,to validate the target key.Use this if you don't know the introducer.
b) "I do not trust" - Use this if you know that the introducer does not do a good job in certifying other keys.The effect is the same as with a) but for a) you may later want to change the value because you got new information about this introducer.
c) "I trust marginally" - Use this if you assume that the introducer knows what he is doing.Together with some other marginally trusted keys,GnuPG validates the target key then as good.
d) "I fully trust" - Use this if you really know that this introducer does a good job when certifying other keys.If all the introducer are of this trust value,GnuPG normally needs only one chain of signatures to validate a target key okay. (But this may be adjusted with the help of some options).This information is confidential because it gives your personal opinion on the trustworthiness of someone else.Therefore this data is not stored in the keyring but in the "trustdb"(~/.gnupg/trustdb.gpg).Do not assign a high trust value just because the introducer is a friend of yours - decide how well she understands the implications of key signatures and you may want to tell her more about public key cryptography so you can later change the trust value you assigned.
Okay, here is how GnuPG helps you with key management.Most stuff is done with the --edit-key command;

gpg --edit-key <keyid or username>

GnuPG displays some information about the key and then prompts for a command (enter "help" to see a list of commands and see the man page for a more detailed explanation).To sign a key you select the user ID you want to sign by entering the number that is displayed in the leftmost column (or do nothing if the key has only one user ID) and then enter the command "sign" and follow all the prompts. When you are ready, give the command "save" (or use "quit" to cancel your actions).
If you want to sign the key with another of your user IDs, you must give an "-u" option on the command line together with the "--edit-key".
Normally you want to sign only one user ID because GnuPG uses only one and this keeps the public key certificate small.Because such signatures are very important you should make sure that the signatories of your key sign a user ID which is very likely to stay for a long time - choose one with an email address you have full control of or do not enter an email address at all.In future GnuPG will have a way to tell which user ID is the one with an email address you prefer - because you have no signatures on this email address it is easy to change this address.Remember, your signatories sign your public key (the primary one) together with one of your user IDs - so it is not possible to change the user ID later without voiding all the signatures.
Tip: If you hear about a key signing party on a computer conference join it because this is a very convenient way to get your key certified (But remember that signatures have nothing to to with the trust you assign to a key).

Ways to Specify a User ID
---------------------------

There are several ways to specify a user ID,here are some examples;

* Only by the short keyid (prepend a zero if it begins with A..F):

"234567C4"
"0F34E556E"
"01347A56A"
"0xAB123456

* By a complete keyid:

"234AABBCC34567C4"
"0F323456784E56EAB"
"01AB3FED1347A5612"
"0x234AABBCC34567C4"

* By a fingerprint:

"1234343434343434C434343434343434"
"123434343434343C3434343434343734349A3434"
"0E12343434343434343434EAB3484343434343434"

The first one is a short fingerprint for PGP 2.x style keys.
The others are long fingerprints for OpenPGP keys.

* By an exact string:

"=Heinrich Heine <heinrichh@NOSPAM>"

* By an email address:

"<heinrichh@NOSPAM>"

* By word match


Batch mode
----------

If you use the option "--batch", GnuPG runs in non-interactive mode and never prompts for input data. This does not even allow entering the
passphrase.Until we have a better solution (something like ssh-agent),you can use the option "--passphrase-fd n", which works like PGP's PGPPASSFD.
Batch mode also causes GnuPG to terminate as soon as a BAD signature is detected.
Where is the logic here;
Quote:
* This actually has nothing to do with secure apt. debsig-verify checks for signatures embedded inside individual Debian packages. Since such signatures are not widely used (we use secure apt instead), it doesn't work very well to install this, and removing the debsig-verify package will fix the problem.
* If apt-get update outputs this;

-GPG error: http://non-us.debian.org stable/non-US Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F1D53D8C4F368D5D
-You may want to run apt-get update to correct these problems

* remove non-us from /etc/apt/sources.
Or here;
Quote:
(What does the "gpg: no ultimately trusted keys found" warning mean? --> The Warning: "no ultimately trusted keys found" means that gpg was not configured to ultimately trust a specific key. Trust settings are part of OpenPGPs Web-of-Trust which does not apply here. So there is no problem with this warning. In usual setups the users own key is ultimately trusted.)
O yes,we have a newest bug too.It's here.
What have I been doing for the last 4 hours? Nothing.

We need distributions that will work before you break them not distros that will break while you're working on them or tryin' to or which won't work at all and we need them to be released when they work not on some stupidly determined date.
We need simplicity,newbies especially.From simplicity we can build complexity.
We need good free manuals,tutorials etc. well organized.
We need apps that work!
Where we will go if we continue like this? Where? We,freedom fighters?
Do it right or don't do it!

My laptop is going to kiss the wall very s
 
Old 04-20-2009, 06:34 PM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809

Rep: Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743Reputation: 743
Could you repeat the question.......

Seriously, it's the minority that is going to wade through all of that and try to say something intelligent.
 
Old 04-20-2009, 09:40 PM   #3
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
Quote:
Windblows isn't complicated,it just crashes.Most often when one don't want it to crash,but there's something charming about that.
Windows is terribly complicated. It just doesn't look like it to the average user because it is so opaque. But the complexity plus the opacity is why people are all the time reloading it; it is very very hard to fix.

In fact, it is far, far harder to even work on than Linux is, because it is so opaque and because the documentation to tell you what to do often doesn't exist at all. And don't say you don't need to work on Windows; if you say that then you've never replaced a card or expanded a system, or (heaven help us!) built a system. Or, for that matter, eliminated spyware, trojans, and assorted malware. Or cleaned up after a corrupted filesystem that didn't get chkdsk'ed soon enough.

At least, with Linux, the documentation exists. It may not be good. It may often be hard to understand. But it exists. So you don't have to keep reloading the system.

In the current circumstance, I recommend that you just get up from the computer, walk away, go drink a beer, and mull it over. Then come back tomorrow, sit down, and watch how quickly it all falls into place.

Last edited by jiml8; 04-20-2009 at 09:42 PM.
 
Old 04-20-2009, 10:26 PM   #4
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Linux 11 (Bullseye)
Posts: 3,407

Rep: Reputation: 141Reputation: 141
"No PUBKEY found" - is that your problem?

Code:
      gpg --keyserver subkeys.pgp.net --recv KEY
      gpg --export --armor KEY | sudo apt-key add -
Note that "KEY" is the key you need to add. It goes without saying that you want to add only keys you trust.

Also, try this thread and see if it helps: http://www.linuxquestions.org/questi...ight=keyserver
 
Old 04-21-2009, 05:17 AM   #5
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301Reputation: 1301
Oh, so you want a KISS distro ? Try slackware.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Kiss SCO Goodbye, Again LXer Syndicated Linux News 0 11-26-2008 05:01 AM
new slacker..kiss the blue screen of death! dfm LinuxQuestions.org Member Intro 2 11-19-2008 07:43 AM
Let me start over.....KISS ME! (Long post) BuckNekkid Linux - General 5 07-25-2007 01:42 PM
KISS project Heiland Linux - Distributions 2 10-01-2005 08:47 AM
How penguin kiss? linuxzouk General 6 06-17-2004 12:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 11:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration