disable updating insecure repositories in apt by default

[apt.git] / doc / apt-key.8.xml

diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 1d91790eaf128a7a8c1c14ab334ffdc9c00231d7..41628aff6e52c38e3a240c5e3f4e152d065b9245 100644 (file)
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -48,7 +48,11 @@
        &synopsis-param-filename; or if the filename is <literal>-</literal>
        from standard input.
      </para>
        &synopsis-param-filename; or if the filename is <literal>-</literal>
        from standard input.
      </para>

-
+     <para>
+     It is critical that keys added manually via <command>apt-key</command> are
+     verified to belong to the owner of the repositories they claim to be for
+     otherwise the &apt-secure; infrastructure is completely undermined.
+     </para>

      </listitem>
      </varlistentry>
 
      </listitem>
      </varlistentry>
 


@@ -110,10 +114,11 @@
      <varlistentry><term><option>adv</option></term>
      <listitem>
      <para>
      <varlistentry><term><option>adv</option></term>
      <listitem>
      <para>

-
-     Pass advanced options to gpg. With adv --recv-key you can download the 
-        public key.  
-
+     Pass advanced options to gpg. With <command>adv --recv-key</command> you
+     can e.g. download key from keyservers directly into the the trusted set of
+     keys. Note that there are <emphasis>no</emphasis> checks performed, so it is
+     easy to completely undermine the &apt-secure; infrastructure if used without
+     care.

      </para>
 
      </listitem>
      </para>
 
      </listitem>