[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Adding and using repositories during package installation?

On Wed, 22 Oct 2014 17:00:05 +0200
Malte Forkel <malte.forkel@berlin.de> wrote:

> Am 22.10.2014 um 15:38 schrieb Neil Williams:
> > Don't go messing with apt trusted files either, package the key as a
> > keyring package (like emdebian-archive-keyring) and depend on that.
> I'm nore sure: Do you think adding files in /etc/apt/sources.list.d
> (and using debconf to ask the user perform the update later) would be
> acceptable or not?
> The keys I meant are those of the PPAs that should be added. Rather
> than creating separate keyring packages for them, could I determine
> them for each PPA (how does add-apt-repository do that?) and add them
> (like in a keyring package) on the fly?


You're better off just asking people to add the PPAs and the PPA keys.
You need to be sure about the security of keys added to apt - doing
that behind the user's back is a *bad* idea.


Neil Williams

Attachment: pgpZZZttc6TS1.pgp
Description: OpenPGP digital signature

Reply to: