Bug#304846: (fwd) apt: replace /etc/apt/trusted.gpg with /etc/apt/trusted-keys/
On Thu, Jun 30, 2005 at 11:00:18PM +0200, Peter Palfrader wrote:
> On Sat, 16 Apr 2005, Peter Palfrader wrote:
> > Currently, apt 0.6 uses a single binary file as its keyring in /etc/apt.
> > This has the disadvantage that modifying it requires special tools like
> > apt-key, and so key management is a pain.
> > The following patch makes apt use a directory in etc/apt named
> > trusted-keys/. Keys are simply placed in that directory if the user
> > wants to trust them for signing the Release file.
> Any opinions on that? Do you still want to go with a binary file in
> /etc/ that needs extra tools for management?
It is intentional that the existing authentication infrastructure relies
only on (the relatively lightweight) gpgv, and not full-blown gpg.
Your proposed method requires gpg for management, while the existing
keyring-based approach doesn't.