How can you verify if a repository key is trustworthy?

Asked Aug 11 '16 at 23:34

Active Aug 11 '16 at 23:34

Viewed 108 times

Yesterday when trying to update a server, we got a BADSIG error - the repository was au.archive.ubuntu.com

After a bit of research, we found that we had to reimport the key that is listed in the error message - but I'm wondering how do we know that new key is trustworthy?

How to fix missing GPG keys?

http://naveenubuntu.blogspot.com.au/2011/08/fixing-gpg-keys-in-ubuntu.html

edited Apr 13 '17 at 12:23

Community

asked Aug 11 '16 at 23:34

HorusKol

1,497

Remember, there is also http://security.stackexchange.com – mchid Aug 12 '16 at 03:41
As what the user said above, I'd recommend looking around on security.stackexchange.com, they're some really smart folks over there, and keep browsing this forum as well, I know this question has been asked elsewhere I just can't seem to find the link. – TheCodingKlam Aug 18 '16 at 03:07

How can you verify if a repository key is trustworthy?

0 Answers0