Bug#980743: release-notes: bullseye is the final release to ship apt-key
On Thu, Jan 21, 2021 at 10:22:59AM -0500, Antoine Beaupré wrote:
> Could we make that /usr/share/keyrings and talk about `signed-by` in
> sources.list entries? I've been trying really hard to convince people to
> stop granting random repos the capacity of impersonating official Debian
> repos for years now, through those instructions:
>
> https://wiki.debian.org/DebianRepository/UseThirdParty
>
> It would be great to make that more official here...
>
> Thanks for the deprecation, in any case, I think it's a great move forward!
>

We don't yet have sensible ways to do this, really. Dropping files into
/usr is bad practice, and we don't provide a directory to store keys in
/etc. Well maybe they should be in /usr/local/share/keyrings? I don't
know, it's hard to say.

My goal would be to migrate to deb822 sources files with keys embedded
in them eventually, that would solve all issues; but it's blocked by
python-apt's aptsources package and all its consumers which all need to
be changed to be able to understand deb822.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
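
An added example, not part of the original thread: a small audit of one-line-style sources.list entries for the `signed-by` option discussed above. Entries without it are verified against apt's global trust store, so any key placed there can sign for them. The repository URLs and keyring paths in the sample are constructed placeholders.

```python
import re

# One-line-style entry: type, optional [options], URI, suite (components follow).
ENTRY = re.compile(
    r"^(deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)"
)

def parse_entry(line):
    """Return (uri, suite, options dict) for a sources.list line, or None."""
    line = line.split("#", 1)[0].strip()  # drop comments and disabled entries
    m = ENTRY.match(line)
    if not m:
        return None
    opts = {}
    for tok in (m.group("opts") or "").split():
        key, _, value = tok.partition("=")
        opts[key.lower()] = value
    return m.group("uri"), m.group("suite"), opts

def audit(text):
    """List (line number, uri, suite) for entries that have no signed-by option."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_entry(line)
        if parsed is None:
            continue
        uri, suite, opts = parsed
        if not opts.get("signed-by"):
            findings.append((n, uri, suite))
    return findings

# Constructed sample input; hosts and keyring paths are placeholders.
SAMPLE = """\
# constructed sample
deb http://deb.debian.org/debian bullseye main
deb [signed-by=/usr/share/keyrings/example-archive-keyring.gpg] https://repo.example.org/apt stable main
deb [arch=amd64] https://packages.example.net/apt stable main
# deb https://disabled.example.com/apt stable main
deb-src [arch=amd64 signed-by=/usr/share/keyrings/example-archive-keyring.gpg] https://repo.example.org/apt stable main
"""

if __name__ == "__main__":
    for n, uri, suite in audit(SAMPLE):
        print(f"line {n}: {uri} {suite} has no signed-by; "
              "any globally trusted key can sign for it")
```

The official Debian entry is listed too, which is expected: it relies on the global trust store by design, and the entries to review are the third-party ones that share that store with it.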