Section: vendors.list (5)
Updated: 14 Jun 2006
vendors.list - Security key configuration for APT
The package vendor list contains a list of all vendors from whom you wish to
authenticate downloaded packages. For each vendor listed, it must contain
the corresponding PGP key fingerprint, so that APT can perform signature
verification of the release file and subsequent checking of the checksums
of each downloaded package. To have authentication enabled, you must add
the vendor identification string (see below) enclosed in square braces to
(5) line for all sites that mirror the repository
provided by that vendor.
The format of this file is similar to the one used by apt.conf(5).
It consists of an arbitrary number of blocks of vendors, where each block
starts with a string telling the key_type and the vendor_id.
Some vendors may have multiple blocks that define different security
policies for their distributions. Debian for instance uses a different
signing methodology for stable and unstable releases.
key_type is the type of the check required. Currently, there is only
one type available which is simple-key.
vendor_id is the vendor identification string. It is an arbitrary
string you must supply to uniquely identify a vendor that's listed in this
Name "Joe Shmoe <firstname.lastname@example.org>";
THE SIMPLE-KEY TYPE
This type of verification is used when the vendor has a single secured key
that must be used to sign the Release file. The following items should be
The PGP fingerprint for the key. The fingerprint should be expressed in the
standard notion with or without spaces. The --fingerprint option for
gpg(1) will show the fingerprint for the selected keys(s).
A string containing a description of the owner of the key or vendor. You
may put the vendor name and email. The string must be entirely within
Reporting bugs in APT-RPM is best done in the APT-RPM mailinglist at
Maintainer and contributor information can be found in the credits page