Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository

To: debian-devel@lists.debian.org
Cc: 922155@bugs.debian.org
Subject: Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
From: Ansgar <ansgar@debian.org>
Date: Wed, 13 Feb 2019 17:17:27 +0100
Message-id: <[🔎] ed799f2a907f6126e943d34ae52cb3e888363095.camel@43-1.org>
In-reply-to: <[🔎] 20190213154106.GA14974@blackfractal.noc.lindalap.net>
References: <F9FDA5CLXX.2H05Z6NL8790N@blackfractal.noc.lindalap.net> <[🔎] 154999673715.21784.6151807073673980463@auryn.jones.dk> <F9FDA5CLXX.2H05Z6NL8790N@blackfractal.noc.lindalap.net> <[🔎] 155000403022.21784.5182605772098476972@auryn.jones.dk> <[🔎] 20190213154106.GA14974@blackfractal.noc.lindalap.net>

On Wed, 2019-02-13 at 15:41 +0000, Linda Lapinlampi wrote:
> Template: matrix-archive-keyring/sources.list
> Type: boolean
> Default: false
> _Description: Use APT data sources from Matrix.org?
>  The Matrix.org Debian package repository distributes supplemental Matrix.org
>  related packages intended to work with the Debian distribution, but require
>  software software outside of the distribution to either build or function.
>  These packages are digitally signed with keys from matrix-archive-keyring.
>  .
>  The Debian Project will be unable to directly support issues faced from using
>  supplemental packages from this third-party repository. Packages from these
>  APT sources may be non-conforming to the technical requirements set in the
>  Debian Policy for the Debian distribution.

More important is the question if the system should /trust/ the keys.

IMHO installing a non-Debian keyring should *not* make the keys trusted
by APT by default (i.e. with the default answer if debconf is used).

ubuntu-keyring does that; most other keyrings sadly do not follow this.

Ansgar

Reply to:

Follow-Ups:
- Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
  - From: Holger Levsen <holger@layer-acht.org>
- Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
  - From: Linda Lapinlampi <linda@lindalap.fi>

References:
- Re: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
  - From: Jonas Smedegaard <jonas@jones.dk>
- Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
  - From: Linda Lapinlampi <linda@lindalap.fi>

Prev by Date: Re: Removal of linux-base from jessie-backports broke Xen upstream CI
Next by Date: Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
Previous by thread: Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
Next by thread: Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository
Index(es):
- Date
- Thread