Re: Facilitating external repositories

To: Wouter Verhelst <wouter@debian.org>
Cc: Paul Wise <pabs@debian.org>, debian-devel@lists.debian.org, deity@lists.debian.org
Subject: Re: Facilitating external repositories
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 23 Jul 2015 13:03:15 +0100
Message-id: <[🔎] 21936.55299.724772.736543@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20150723081421.GA5349@grep.be>
References: <20150604161816.GD10941@grep.be> <20150605161051.GA1471@jtriplet-mobl1> <20150607090836.GA307@grep.be> <20150607183001.GA31028@x> <20150607215523.GG7669@grep.be> <87sia2isgc.fsf@xoog.err.no> <20150609165225.GA5329@grep.be> <m2381wypoi.fsf@rahvafeir.err.no> <CAKTje6GXX3GjHhre1KPza8M-O516BHPJZyR4s1m7DdO=XLx8ew@mail.gmail.com> <[🔎] 20150723081421.GA5349@grep.be>

Wouter Verhelst writes ("Re: Facilitating external repositories"):
> - It may be GPG-signed by one or more keys. Apt should have a way of
>   configuring GPG keys that may be allowed to sign sources.list files,
>   preloaded with the set of keys in the Debian keyring. This will allow
>   system administrators in large environments to specify their own set
>   of keys allowed to sign repositories, as well as allowing downstreams
>   to add its own ways of trusting repositories.

The /name/ of the external repository should also be covered by the
signature.

Ian.

Reply to:

Follow-Ups:
- Re: Facilitating external repositories
  - From: Wouter Verhelst <w@uter.be>

References:
- Re: Facilitating external repositories
  - From: Wouter Verhelst <wouter@debian.org>

Prev by Date: Re: Packaging ASL
Next by Date: Re: Ad-hoc survey of existing Debian git integration tools
Previous by thread: Re: Facilitating external repositories
Next by thread: Re: Facilitating external repositories
Index(es):
- Date
- Thread