vendors.list man page

vendors.list — Security key configuration for APT


The package vendor list contains a list of all vendors from whom you wish to
authenticate  downloaded  packages.  For each vendor listed, it must contain the corresponding PGP key fingerprint, so that  APT  can  perform  signature verification  of the release file and subsequent checking of the checksums of each  downloaded  package.  To have authentication enabled, you must add the vendor identification string  (see  below) enclosed in square braces to the sources.list(5) line for all sites that mirror the repository provided by that vendor.

The format of this file is similar  to  the  one  used  by apt.conf(5).   It consists of an arbitrary number of blocks of vendors, where each block starts with a string telling the key_type and the vendor_id.

Some vendors may have multiple blocks that define different security policies for their distributions.  Debian for instance uses a different signing methodology for stable and unstable releases.

key_type is the type of the check required.  Currently, there is only one type available which is simple-key.

vendor_id is the vendor identification string.  It is an arbitrary string you must supply to uniquely identify a vendor that's listed in this file.


simple-key "joe"
   Fingerprint "0987AB4378FSD872343298787ACC";
   Name "Joe Shmoe <>";

The Simple-Key Type

This type of verification is used when the vendor has a single secured key that must be used to sign the Release file.  The following items should be present


The PGP fingerprint for the key.  The fingerprint should be expressed in the standard notion with or without spaces.  The --fingerprint option for gpg(1) will show the fingerprint for the selected keys(s).


A string containing a description of the owner of the  key  or vendor.   You may put the vendor name and email.  The string must be entirely within double-quotes (").



See Also



Reporting bugs in APT-RPM is best done in the APT-RPM mailinglist at


Maintainer and contributor information can be found in the credits page of APT-RPM.


14 Jun 2006 APT-RPM