[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#980743: release-notes: bullseye is the final release to ship apt-key

On Thu, Jan 21, 2021 at 10:22:59AM -0500, Antoine Beaupré wrote:
> Could we make that /usr/share/keyrings and talk about `signed-by` in
> sources.list entries? I've been trying really hard to convince people to
> stop granting random repos the capacity of impersonating official Debian
> repos for years now, through those instructions:
> https://wiki.debian.org/DebianRepository/UseThirdParty
> It would be great to make that more official here...
> Thanks for the deprecation, in any case, I think it's a great move forward!

We don't yet have sensible ways to do this, really. Dropping files into
/usr is bad practice, and we don't provide a directory to store keys in
/etc. Well maybe they should be in /usr/local/share/keyrings? I don't
know, it's hard to say.

My goal would be to migrate to deb822 sources files with keys embedded
in them eventually, that would solve all issues; but it's blocked by
python-apt's aptsources package and all its consumers which all need to
be changed to be able to understand deb822.

debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

Reply to: