On 28 janv. 2015 08:16, Frank Hartmann <soundart@???> wrote:
[...]
> $ gpg --keyid-format LONG -v Release.gpg
> gpg: armor header: Version: GnuPG v1
> Detached signature.
> Please enter name of data file: Release
> gpg: Signature made Di 27 Jan 2015 20:40:38 CET
> gpg: using RSA key 5C808C2B65558117
> gpg: Can't check signature: public key not found
>
> So why was apt installing the package which was signed by an unknown
> key? I would have hoped that it would refuse to install after having
> received an wrong-key-signed update.
The public key for my repository doesn't exist in your pubring.gpg
file. You must first import my key :
gpg --recv-keys 5C808C2B65558117 --keyserver pgp.mit.edu
Now you can check again the Release.gpg file.
Christian
