But I am stuck at the first step for importing the public key for Spotify.
The recommendation is to check the fingerprint(?) on different keyservers to ensure that the public key is correct. But it is not clear how to do this.
I run this step:
[user@t-multimedia ~]$ gpg --keyid-format long --with-fingerprint spotify.pubkey
I get exactly as they get:
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096/D1742AD60D811D58 2020-09-08 [SC] [expires: 2021-12-02]
Key fingerprint = 8FD3 D9A8 D380 0305 A9FF F259 D174 2AD6 0D81 1D58
uid Spotify Public Repository Signing Key <tux@spotify.com>
Should I trust the fingerprint - it is not clear how to check the fingerprint at other keyservers (which ones would have the Spotify pub key?)
I have reviewed several posts like this:
How do I verify that I have found the correct public key ?
Thanks. I found the public key/fngerprints on those two websites.
A follow up question:
The next step is to add the spotify repo url to the sources.list.d folder.
I notice the string is “http://repository.spotify.com”, not “https”.
The sources.list contain https urls for debian repo.
So i tried updating packages with https and i got this:
Certificate verification failed: The certificate is not trusted.