
Bug#1026087: ITP: distribution-gpg-keys -- GPG keys by various Linux distributions



Hey.


1) Just for the record:

https://github.com/xsuchy/distribution-gpg-keys/issues/76
was closed/rejected... I proposed some alternative names there
(completely avoiding GPG|[Open]PGP terms).... but it feels as if the
upstream author wants to stick with the name?!

So from that PoV, there's IMO no need to wait with this packaging
effort.


2) What would be nice to see in the final package (in terms of
security), was a test suite (when building the package) that compares
the contained keys with those of the respective upstream locations (or
in case of Debian, with those in debian-archive-keyring).

Not that I want to say that upstream is untrustworthy, but everyone can
be hacked, and such a test suite might help to notice if there are
differences.


3) Hope to see this in Debian (and derivatives) soon, as it might help
that mkosi upstream changes the default behaviour to never fall back to
only HTTPS-secured downloading of packages:
https://github.com/systemd/mkosi/issues/757

Cheers,
Chris.
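
A sketch of the build-time comparison suggested in point 2, added here as an example; it is not code from this message, from the package, or from upstream. It computes OpenPGP v4 fingerprints directly from key files and reports bundled keys that differ from a reference copy. The function names are hypothetical, each file is assumed to hold v4 keys in binary form or in a single ASCII-armored block, and `sample_key` builds a constructed packet that is not a real key.

```python
import base64
import hashlib

def dearmor(data: bytes) -> bytes:
    """Binary OpenPGP data from a binary file or a single ASCII-armored block."""
    lines = [l.strip() for l in data.strip().splitlines()]
    if not lines or not lines[0].startswith(b"-----BEGIN PGP"):
        return data
    body = lines[lines.index(b"") + 1:-1]        # after armor headers, before END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def fingerprints(blob: bytes) -> set:
    """v4 fingerprints of every public key (tag 6) and subkey (tag 14) packet."""
    found, i = set(), 0
    while i < len(blob):
        hdr = blob[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                           # new-format header
            tag, first = hdr & 0x3F, blob[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + blob[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(blob[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                    # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(blob[i + 1:i + 1 + n], "big"), i + 1 + n
        body, i = blob[i:i + length], i + length
        if tag in (6, 14) and body[:1] == b"\x04":
            prefix = b"\x99" + len(body).to_bytes(2, "big")
            found.add(hashlib.sha1(prefix + body).hexdigest().upper())
    return found

def mismatches(bundled: dict, reference: dict) -> list:
    """Names whose bundled key is unparsable or differs from the reference copy."""
    fps = lambda d: fingerprints(dearmor(d))
    return sorted(n for n, d in bundled.items()
                  if not fps(d) or fps(d) != fps(reference.get(n, b"")))

def sample_key(modulus: bytes) -> bytes:         # constructed packet, not a real key
    body = b"\x04" + (1670000000).to_bytes(4, "big") + b"\x01"   # v4, time, RSA
    body += (len(modulus) * 8).to_bytes(2, "big") + modulus + b"\x00\x11\x01\x00\x01"
    return b"\xc6" + bytes([len(body)]) + body   # new-format tag 6, one-octet length
```

A non-empty result from `mismatches` would fail the build. Fingerprints cover the key material only, so changes to user IDs or signatures on a key are not detected by this check.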

