Hi,
2018年8月23日(木) 22:01 Sean Whitton <
spwhitton@spwhitton.name>:
>
> > However, we shouldn't start shipping random key material for various
> > other places that just happen to offer their software in a format that
> > is consumable by apt.
>
> Providing the keyrings just as data, and not automatically adding them
> as trusted by apt, might be useful for bootstrapping trust paths,
> however.
As far as I know, in most cases, keyrings are added automatically. (not just as data)
I thought that it is common sense in Debian, but it is better to ask users explicitly
during install process (dconf?) if package will put keyring under /etc/apt/trusted.gpg.d/.
debian-ports-archive-keyring-2018.01.05
* install keyring to /usr/share/keyrings and /etc/apt/trusted.gpg.d directly
emdebian-archive-keyring-2.2
* install keyring to /etc/apt/trusted.gpg.d directly
leap-archive-keyring-2017.11.24
* install keyring to /usr/share/keyrings and /etc/apt/trusted.gpg.d directly
neurodebian-0.37.6/
* install keyring to /etc/apt/trusted.gpg.d directly
pkg-mozilla-archive-keyring-1.2/
* install keyring to /etc/apt/trusted.gpg.d directly
ubuntu-keyring-2016.05.13/debian/install
* install keyrings to /usr/share/keyrings
* symlink from /etc/trusted.gpg.d during postinst
Regards,
--
Kentaro Hayashi <
kenhys@gmail.com>