X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/d4273c55e34cdf5a355b4edd92df61a83cfab318..766761fd836d9e247daea924809965c21cc65dc7:/doc/apt-key.8.xml diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index 6a36d08ca..b5319efa3 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -1,13 +1,9 @@ <?xml version="1.0" encoding="utf-8" standalone="no"?> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - -<!ENTITY % aptent SYSTEM "apt.ent"> -%aptent; - -<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> -%aptverbatiment; - +<!ENTITY % aptent SYSTEM "apt.ent"> %aptent; +<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment; +<!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor; ]> <refentry> @@ -17,7 +13,7 @@ &apt-email; &apt-product; <!-- The last update date --> - <date>2012-06-09T00:00:00Z</date> + <date>2015-10-15T00:00:00Z</date> </refentryinfo> <refmeta> @@ -52,7 +48,11 @@ &synopsis-param-filename; or if the filename is <literal>-</literal> from standard input. </para> - + <para> + It is critical that keys added manually via <command>apt-key</command> are + verified to belong to the owner of the repositories they claim to be for + otherwise the &apt-secure; infrastructure is completely undermined. + </para> </listitem> </varlistentry> @@ -114,10 +114,11 @@ <varlistentry><term><option>adv</option></term> <listitem> <para> - - Pass advanced options to gpg. With adv --recv-key you can download the - public key. - + Pass advanced options to gpg. With <command>adv --recv-key</command> you + can e.g. download key from keyservers directly into the the trusted set of + keys. Note that there are <emphasis>no</emphasis> checks performed, so it is + easy to completely undermine the &apt-secure; infrastructure if used without + care. </para> </listitem> @@ -130,7 +131,7 @@ Update the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the <literal>archive-keyring</literal> package of your - distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian. + distribution, e.g. the &keyring-package; package in &keyring-distro;. </para> @@ -180,12 +181,12 @@ <listitem><para>Local trust database of archive keys.</para></listitem> </varlistentry> - <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term> - <listitem><para>Keyring of Debian archive trusted keys.</para></listitem> + <varlistentry><term>&keyring-filename;</term> + <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem> </varlistentry> - <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term> - <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem> + <varlistentry><term>&keyring-removed-filename;</term> + <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem> </varlistentry> </variablelist>