X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/a2d40703e4a5590a689ace4466f92e590434944d..995a4bf6d770a5cc824c38388909f23fcca558c3:/doc/apt-key.8.xml

diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 1d91790ea..41628aff6 100644
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -48,7 +48,11 @@
        &synopsis-param-filename; or if the filename is <literal>-</literal>
        from standard input.
      </para>
-
+     <para>
+     It is critical that keys added manually via <command>apt-key</command> are
+     verified to belong to the owner of the repositories they claim to be for
+     otherwise the &apt-secure; infrastructure is completely undermined.
+     </para>
      </listitem>
      </varlistentry>
 
@@ -110,10 +114,11 @@
      <varlistentry><term><option>adv</option></term>
      <listitem>
      <para>
-
-     Pass advanced options to gpg. With adv --recv-key you can download the 
-	 public key.  
-
+     Pass advanced options to gpg. With <command>adv --recv-key</command> you
+     can e.g. download key from keyservers directly into the the trusted set of
+     keys. Note that there are <emphasis>no</emphasis> checks performed, so it is
+     easy to completely undermine the &apt-secure; infrastructure if used without
+     care.
      </para>
 
      </listitem>