Home Forums Wiki Doc Install Extras Screenshots Source Code Projects Blog Users Groups Register
Glx-Dock / Cairo-Dock List of forums Ideas | Propositions repository is not signed!
The latest stable release is the *3.4.0* : How to install it here.
Note: We just switched from BZR to Git on Github! (only to host the code and your future pull requests)
Ideas | Propositions

Subjects Author Language Messages Last message
[Locked] repository is not signed!
Page : 1 2
ppmt English 23 ppmt [Read]
28 April 2008 à 19:24

ppmt, Wednesday 23 April 2008 à 05:31


Subscription date : 29 November 2007
Messages : 3520
Hi,

I was hanging on the englsih irc tonight and someone tried to install the dock via the ubuntu repository

It appears that the package are not signed....they should be really..

So Mav can you find out how to sign the package....it would look better.

et en francais: les paquets du depot ubuntu ne sont pas signe! Serait-il possible de les signer....ca fait plus pro!

Mav, Wednesday 23 April 2008 à 08:35


Subscription date : 29 November 2007
Messages : 3146
Oui effectivement faudrait que je les signe, Anubis l'a fait déjà pour les paquets opensuse

Anubis, Wednesday 23 April 2008 à 16:58


Subscription date : 23 March 2008
Messages : 86
i think that sign is very important...want do you think to create a single key for all officiale repositories? i could create it and send you (both, private and public, of course)

Mav, Wednesday 23 April 2008 à 18:36


Subscription date : 29 November 2007
Messages : 3146
Sure Anubis, we can do it
I need to have a look at it, the way to integrate on my repository

Anubis, Wednesday 23 April 2008 à 21:08


Subscription date : 23 March 2008
Messages : 86
only need a mail..does exist a "@glx-dock.org" or something similar?

also the mailing list one should be good (do we have a mailing list?)

Mav, Wednesday 23 April 2008 à 21:40


Subscription date : 29 November 2007
Messages : 3146
Sure, I can create an email adress but it would be better to a redirection to your personnal mail address
Send me an email or msn me your login passwd and your email that I can redirected on

Anubis, Wednesday 23 April 2008 à 21:55


Subscription date : 23 March 2008
Messages : 86
if the key should be one for all repositories we cannot use my or, your personal mail...... i think so..

cause of that i was asking for a "mailing list" one

Anubis, Saturday 26 April 2008 à 15:55


Subscription date : 23 March 2008
Messages : 86
and??? wich mail have i to use?

Mav, Saturday 26 April 2008 à 17:05


Subscription date : 29 November 2007
Messages : 3146
as you wish, I can create an email repository@glx-dock.org redirected to my and your email

Anubis, Sunday 27 April 2008 à 09:32


Subscription date : 23 March 2008
Messages : 86
that's perfect....

so i'm using it to create the key... (che PM to find my mail and where to find Private key)

about private key, should be better use MSN

---edit---

so...

Name Cairo-Dock Team

E-Mail repository@glx-dock.org

Key-ID 0x41317877

Key Fingerprint 7F519117BF5E1805D98075E21392A97E41317877


the key has yet been signed bye me i need you to sign it (and if we can do it, also bye Fabounet)

(i sent you the key that you will sign...the you give it to fabounet that he will sign, than he will send to us the 3 times signed key..

so me you and fabounet will have that key and i will be able to send to key-servers a good public one)

if you know a faster way..let me know it

Anubis, Sunday 27 April 2008 à 18:00


Subscription date : 23 March 2008
Messages : 86
everybody would like to sign the key.... you could find it here:

http://pgp.mit.edu:11371/pks/lookup?search=cairo-dock&op=index&fingerprint=on

or faster...here:

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41317877


(YOU MUST HAVE YOUR PERSONAL PRIVATE KEY TO SIGN)


to sign do that:

copy the ASCII text

(

-----BEGIN PGP PUBLIC KEY BLOCK-----

and

-----END PGP PUBLIC KEY BLOCK-----

included)

open your text editor, past and savefile like name-you-want.key than import it (could use kgpg for example)

now you can sign it...once you have done it please re-send it on the server.. (if you use kgpg, right click on the key-->export public keys-->dfault key serve)

and that's all...

Mav, Sunday 27 April 2008 à 23:39


Subscription date : 29 November 2007
Messages : 3146
So I worked onit with anubis and I signed the repository as requested.
I added the way to add the authentication key in the wiki so please try and let me know if I did things right

ppmt, Sunday 27 April 2008 à 23:46


Subscription date : 29 November 2007
Messages : 3520
where is it in the wiki? not that I can test it but...

Mav, Monday 28 April 2008 à 00:22


Subscription date : 29 November 2007
Messages : 3146
http://www.glx-dock.org/ww_page.php?p=Par%20d%E9p%F4t&lang=fr

Anubis, Monday 28 April 2008 à 16:07


Subscription date : 23 March 2008
Messages : 86
ppmt if you can please sign our key.... the same thing is for fabounet and all others guys here!

ppmt, Monday 28 April 2008 à 17:20


Subscription date : 29 November 2007
Messages : 3520
what do you mean sign your key? why? I never do anything for the dock itself....

also I don't really understand key. What if I loose my key ? I mean in the past I created key only to loos them or forget the password....

Anubis, Monday 28 April 2008 à 18:24


Subscription date : 23 March 2008
Messages : 86
so..

i create a "CAIRO-DOCK REPOSITORY" key.. with that one we (me and mav) sign OFFICIAL packages and repositories...

only how have THE PRIVATE key could SIGN..

you can download the PUBLIC one to check the PRIVATE key..if the CHECK is OK you are sure that who sign is really us and not somebody else...

BUT....there is a BUT...

because everybody could create a key pair with the same Name and E-Mail you are not sure who really create the REAL key...

so, everybody have a their OWN key, could check Key-ID and most of all the FINGERPRINT...

if both are correct the public key (avaible to everibody, how name say) coulf be signed to certify that the owener of the key is really who we are thinking to be...

of course..more signs more security...

to sign you must have your private key...

to sign, as i told, we need a private key....with the related public key (key are ever 2, we are talking about a key pair) EVERYBODY is able check IDENTITY (so we have an autentication)

to ENCRYPT we need a public key.... infact..only the related PRIVATE key owner is able do decrypt....

ok? i hope you to understand..

what about i lost the private one? or i forget the password? or somebody steal me my private key??

it's easy...you need a revocation certificate... (should be usefull to generate it with the key..cause to create it i need the PRIVATE key..and if i lost my key or password i have no more my key)

this certificate MUST be imported into keyring with the public key... so you revocate the key...

to make public all things (the public key and the revocation certificate) key-servers are used....

all key-servers are syncs each others..so any server have same PUBLIC (and only the public) KEY...

at any sign on public key an update to server is needed (or only who sign will be able to see the sign)

in the same way, if a key is revoked you simply need to import revokation certificate into key ring and upload the INVALID public key to servers.. like that anybody use that key, on next syncs, will found that yet revoked, without need to import the revokation certificate...

tell me if i'm not a good teacher...

i'll try to explain it better

nochka85, Monday 28 April 2008 à 18:31


Subscription date : 29 November 2007
Messages : 7408
I don't understand ... we need to sign it, all of us ???
Why not only the devs (and script makers ) ???

ppmt, Monday 28 April 2008 à 18:52


Subscription date : 29 November 2007
Messages : 3520
Sorry Anubis but you lost me on that one

But as I say: I understand the logic behind key but the logistic of it is beyond my capacities

Anubis, Monday 28 April 2008 à 19:00


Subscription date : 23 March 2008
Messages : 86
nochka85 wrote:

I don't understand ... we need to sign it, all of us ???
Why not only the devs (and script makers ) ???


no signs are needed but as i wrote....

Anubis wrote:

of course..more signs more security...


@ ppmt

ppmt wrote:

Sorry Anubis but you lost me on that one

But as I say: I understand the logic behind key but the logistic of it is beyond my capacities


what dou you think about irc or msn?? we could talk better there

Ideas | Propositions

Subjects Author Language Messages Last message
[Locked] repository is not signed!
Page : 1 2
ppmt English 23 ppmt [Read]
28 April 2008 à 19:24


Glx-Dock / Cairo-Dock List of forums Ideas | Propositions repository is not signed! Top

Online users :

Powered by ElementSpeak © 2007 Adrien Pilleboue, 2009-2013 Matthieu Baerts.
Dock based on CSS Dock Menu (Ndesign) with jQuery. Icons by zgegball
Cairo-Dock is a free software under GNU-GPL3 licence. First stable version created by Fabounet.
Many thanks to TuxFamily for the web Hosting and Mav for the domain name.