1 files changed, 109 insertions, 0 deletions

diff --git a/doc/vendors.list.5.xml b/doc/vendors.list.5.xml
new file mode 100644
index 000000000..a14b36a46
--- /dev/null
+++ b/doc/vendors.list.5.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!ENTITY % aptent SYSTEM "apt.ent">
+%aptent;
+
+]>
+
+<refentry>
+ &apt-docinfo;
+ 
+ <refmeta>
+   <refentrytitle>vendors.list</refentrytitle>
+   <manvolnum>5</manvolnum>
+ </refmeta>
+ 
+ <!-- Man page title -->
+ <refnamediv>
+    <refname>vendors.list</refname>
+    <refpurpose>Security key configuration for APT</refpurpose>
+ </refnamediv>
+ 
+ <refsect1><title>Description</title>
+
+   <para>The package vendor list contains a list of all vendors
+   from whom you wish to  authenticate  downloaded  packages.
+   For each vendor listed, it must contain the corresponding
+   PGP key fingerprint, so that  APT  can  perform  signature
+   verification  of the release file and subsequent checking
+   of the checksums of each  downloaded  package.
+   To have authentication enabled, you must add the 
+   vendor identification string  (see  below) enclosed in
+   square braces to the sources.list line for all sites that mirror
+   the repository provided by that vendor.</para>
+
+   <para>The format of this file is similar  to  the  one  used  by
+   apt.conf.  It consists of an arbitrary number of blocks of
+   vendors, where each block starts with a string telling the
+   <replaceable>key_type</replaceable> and the
+   <replaceable>vendor_id</replaceable></para>
+
+   <para>Some vendors may have multiple blocks that define different
+   security policies for their distributions. Debian for instance
+   uses a different signing methodology for stable and unstable releases.</para>
+   <para><replaceable>key_type</replaceable> is the type of the check required.
+   Currently, there is only one type available which is 
+   <literal>simple-key</literal>.</para>
+
+   <para><replaceable>vendor_id</replaceable> is the vendor identification
+   string. It is an arbitrary string you must supply to uniquely identifify a
+   vendor that's listed in this file.
+   
+   Example:
+  </para> 
+<informalexample><programlisting>   
+simple-key "joe"
+{
+   Fingerprint "0987AB4378FSD872343298787ACC";
+   Name "Joe Shmoe &lt;joe@shmoe.com&gt;";
+}						    
+</programlisting></informalexample>
+ </refsect1>
+
+ <refsect1><title>The simple-key type</title>
+
+   <para>This type of verification is used when the vendor has a single
+   secured key that must be used to sign the Release file. The
+   following items should be present</para>
+   
+   <variablelist>
+     <varlistentry><term>Fingerprint</term>
+     <listitem><para>
+     The PGP fingerprint for the key. The fingerprint should be
+     expressed in the standard notion with or without spaces.
+     The <option>--fingerprint</option> option for 
+     <citerefentry><refentrytitle><command>gpg</command></refentrytitle><manvolnum>1</manvolnum></citerefentry>
+     will show the fingerprint for the selected keys(s).
+     </para>
+     </listitem>
+     </varlistentry>
+
+     <varlistentry><term>Name</term>
+     <listitem><para>
+     A string containing a description of the owner of
+     the  key  or vendor.  You may put the vendor name and it's
+     email. The string must be quoted with ".
+     </para>
+     </listitem>
+     </varlistentry>
+     
+   </variablelist>
+ </refsect1>
+
+ <refsect1><title>Files</title>
+   <para><filename>/etc/apt/vendors.list</filename></para>
+ </refsect1>
+ 
+ <refsect1><title>See Also</title>
+   <para>
+   &sources-list;
+   </para>
+ </refsect1>
+
+ &manbugs;
+ &manauthor;
+ 
+</refentry>
+