Fixed the download of the raspberry.org GPG key to be from a secure URL.

As ShiftPlusOne confirmed the key details via a signed message, posted on http://pastebin.com/8UaWvHRZ and copied 'locally' here: debian-pi#64 (comment) I now consider the downloading of the raspberrypi.org signing key secure. This fixes issue debian-pi#64.
diederikdehaas · May 5, 2015 · f451009 · f451009
1 parent 1bce340
commit f451009
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/update.sh b/update.sh
@@ -114,7 +114,7 @@ download_package_lists() {
         exit 1
     fi
     echo -e "\nDownloading and importing raspberrypi.gpg.key..."
-    curl -# -O http://archive.raspberrypi.org/debian/raspberrypi.gpg.key
+    curl -# -O https://www.raspberrypi.org/raspberrypi.gpg.key
     gpg -q --homedir gnupg --import raspberrypi.gpg.key
     echo -n "Verifying raspberrypi.gpg.key... "
     if gpg --homedir gnupg -k 0xCF8A1AF502A2AA2D763BAE7E82B129927FA3303E &> /dev/null ; then