Re: APT public key updates?
"Michael Vogt" <firstname.lastname@example.org> wrote in message
Wait a second. How will people download the new key using apt if apt refuses
to download because it does not have the new key?
And then what about the future? A stable release will not be upgradable if
the key is not downloaded, but the key will not be downloadable.
On Fri, Jan 06, 2006 at 01:22:50AM +0100, Petter Reinholdtsen wrote:
> Sorry for the delay. I'm preparing a new upload that adds the 2006
> archive key to the default keyring.
Sounds good. Will this automatically take care of the key update and
make sure no manual intervention is needed to get packages upgraded?
I uploaded a new apt that supports multiple signatures on the release
file. The policy is that it needs at least one good signature and no
bad signatures (but any number number of NO_PUBKEY signatures) to be
considered trusted. It will still warn about missing keys but that's
only fatal if no good signature was found.
The upload also contains the new key in apts default keyring. This
dosn't fix the key-upgrade problem yet. I outlined my proposal in
Early testing (from incoming) is welcome :)
Or am i missing something? This whole thing sounds like a major problem.