vendors.list

VENDORS.LIST(5)                                                VENDORS.LIST(5)



NAME
       vendors.list - Security key configuration for APT

DESCRIPTION
       The package vendor list contains a list of all vendors from whom you
       wish to  authenticate  downloaded  packages.  For each vendor listed,
       it must contain the corresponding PGP key fingerprint, so that  APT
       can  perform  signature verification  of the release file and
       subsequent checking of the checksums of each  downloaded  package.  To
       have authentication enabled, you must add the vendor identification
       string  (see  below) enclosed in square braces to the sources.list line
       for all sites that mirror the repository provided by that vendor.

       The format of this file is similar  to  the  one  used  by apt.conf.
       It consists of an arbitrary number of blocks of vendors, where each
       block starts with a string telling the key_type and the vendor_id.

       Some vendors may have multiple blocks that define different security
       policies for their distributions. Debian for instance uses a different
       signing methodology for stable and unstable releases.

       key_type is the type of the check required.  Currently, there is only
       one type available which is simple-key.

       vendor_id is the vendor identification string. It is an arbitrary
       string you must supply to uniquely identifify a vendor that's listed in
       this file.  Example:

       simple-key "joe"
       {
          Fingerprint "0987AB4378FSD872343298787ACC";
          Name "Joe Shmoe <joe@shmoe.com>";
       }

THE SIMPLE-KEY TYPE
       This type of verification is used when the vendor has a single secured
       key that must be used to sign the Release file. The following items
       should be present

       Fingerprint
              The PGP fingerprint for the key. The fingerprint should be
              expressed in the standard notion with or without spaces.  The
              --fingerprint option for gpg(1) will show the fingerprint for
              the selected keys(s).

       Name   A string containing a description of the owner of the  key  or
              vendor.  You may put the vendor name and it's email. The string
              must be quoted with ".

FILES
       /etc/apt/vendors.list

SEE ALSO
       sources.list(5)

BUGS
       See the APT bug page <URL:http://bugs.debian.org/src:apt>.  If you wish
       to report a bug in APT, please see /usr/share/doc/debian/bug-
       reporting.txt or the reportbug(1) command.

AUTHOR
       APT was written by the APT team <apt@packages.debian.org>.



                                16 October 2007                VENDORS.LIST(5)