Alois Mahdal wrote: > Sven Joachim wrote: > > > when downloading source packages, I see error regarding > > > trustedkeys.gpg:
Ignore the message about .gnupg/trustedkeys.gpg. It is a distraction from the real problem. > > Install the debian-keyring package. > > Thanks, worked! APT does not complain with the same... Yes. The answer is the debian-keyring package. > Oh, so APT uses different key(ring) to verify sources than to > verify .deb packages? I find it quite confusing as well as the > fact that while keys for .deb are present by default, keys for > src are not... (Correct me if I'm wrong). I am sure the reasoning is size. Look at the size difference between the two keyrings. $ apt-cache show debian-archive-keyring |grep Size: Installed-Size: 72 Size: 26218 $ apt-cache show debian-keyring | grep Size: Installed-Size: 34988 Size: 31071928 The archive is signed with the archive key and so is very small. But the source packages are signed with the key of the DD uploader and so there are very many of them. If you have a small system then you might not have space for it. And on a small embedded system you might never need it. Bob
signature.asc
Description: Digital signature