From f4510092885d2c703309a45320347a4b153ad910 Mon Sep 17 00:00:00 2001
From: Diederik de Haas <github@cknow.org>
Date: Tue, 5 May 2015 19:14:57 +0200
Subject: [PATCH] Fixed the download of the raspberry.org GPG key to be from a
 secure URL.

As ShiftPlusOne confirmed the key details via a signed message, posted
on http://pastebin.com/8UaWvHRZ and copied 'locally' here:
https://github.com/debian-pi/raspbian-ua-netinst/issues/64#issuecomment-99134357
I now consider the downloading of the raspberrypi.org signing key
secure.
This fixes issue #64.
---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 0b712bbd..ffcc5c84 100755
--- a/update.sh
+++ b/update.sh
@@ -114,7 +114,7 @@ download_package_lists() {
         exit 1
     fi
     echo -e "\nDownloading and importing raspberrypi.gpg.key..."
-    curl -# -O http://archive.raspberrypi.org/debian/raspberrypi.gpg.key
+    curl -# -O https://www.raspberrypi.org/raspberrypi.gpg.key
     gpg -q --homedir gnupg --import raspberrypi.gpg.key
     echo -n "Verifying raspberrypi.gpg.key... "
     if gpg --homedir gnupg -k 0xCF8A1AF502A2AA2D763BAE7E82B129927FA3303E &> /dev/null ; then