vendors.list

VENDORS.LIST(T)                                   VENDORS.LIST(T)



NAME
       vendors.list - Security key configuration for APT

DESCRIPTION
       The  package  vendor  list  contains a list of all vendors
       from whom you wish to  authenticate  downloaded  packages.
       For  each vendor listed, it must contain the corresponding
       PGP key fingerprint, so that  APT  can  perform  signature
       verification  of  the release file and subsequent checking
       of the checksums of  each  downloaded  package.   To  have
       authentication  enabled, you must add the vendor identifi-
       cation string (see below) enclosed in square braces to the
       sources.list line for all sites that mirror the repository
       provided by that vendor.

       The format of this file is similar  to  the  one  used  by
       apt.conf.  It consists of an arbitrary number of blocks of
       vendors, where each block starts with a string telling the
       key_type and the vendor_id.

       Some  vendors may have multiple blocks that define differ-
       ent security policies for their distributions. Debian  for
       instance  uses  a different signing methodology for stable
       and unstable releases.

       key_type is the type of the  check  required.   Currently,
       there is only one type available which is simple-key.

       vendor_id  is  the  vendor identification string. It is an
       arbitrary string you must supply to uniquely identifify  a
       vendor that's listed in this file.  Example:



       single_key "joe"
       {
          Fingerprint "0987AB4378FSD872343298787ACC";
          Name "Joe Shmoe <joe@shmoe.com>";
       }


THE SIMPLE-KEY TYPE
       This  type  of  verification is used when the vendor has a
       single secured key that must be used to sign  the  Release
       file. The following items should be present

       Fingerprint
              The  PGP  fingerprint  for the key. The fingerprint
              should be expressed in the standard notion with  or
              without   spaces.   The  --fingerprint  option  for
              gpg(g) will show the fingerprint for  the  selected
              keys(s).

       Name   A  string  containing a description of the owner of
              the key or vendor. You may put the vendor name  and
              it's email. The string must be quoted with ".


FILES
       /etc/apt/vendors.list

SEE ALSO
       sources.list(t)

BUGS
       See the APT bug page <URL:http://bugs.debian.org/apt>.  If
       you  wish  to  report   a   bug   in   APT,   please   see
       /usr/share/doc/debian/bug-reporting.txt or the bug(g) com-
       mand.

AUTHOR
       APT was written by the APT team <apt@packages.debian.org>.



                          12 March 2001           VENDORS.LIST(T)
about this index... about Greenstone...