
Re: Bug#990086: apt-key is deprecated in bullseye, how to manage keys instead



On 6/26/21, Andrei POPESCU <andreimpopescu@gmail.com> wrote:
>> Andrei, thanks for having picked up my problem and having cared for the
>> release notes to comment on it, and also for supposedly having motivated
>> Julian Andres Klose to publish a very helpful blog post on the related
>> subject. Brad Rogers here in the thread linked to it in his answer to me,
>> thanks also for this.
>> Darac Marjal in his answer made me understand that my problem was NOT
>> about knowing how to copy a key file to a directory, but about being
>> convinced that it is allowed to simply copy files to the
>> /etc/apt/trusted.gpg.d/ sub-directory without having to manage this by a
>> special tool like gpg. For convincing me, maybe the man page of apt-key
>> was simply missing a word like "manually" for expressing to "manually
>> place files in this sub-directory". As a beginner being confronted with
>> security relevant procedures, especially when it is about things like PGP
>> keys based on a Web Of Trust concept, you easily suspect that a special
>> security tool would exist for ensuring that handling the important
>> package signature key infrastructure is done correctly. Obviously not.
>> Simply copying a key there appears to be really enough to get access to a
>> repository.
>
> Well, it makes perfect sense if you remember that "everything is a
> file", even if there are exceptions (e.g. network devices).


Hopefully I'm reading this right. While on dialup, I spent A LOT of
time battling a well-known closed source modem tty* driver. Out of
desperation, I could sometimes get it to work by copying it between
hard drives that contained separate operating systems.

BUT you can't just e.g. "cp" or "right click > copy" it over. It would
fail with a "Can't copy special file" error message. I know this
because I just did it again with ttyS0. You CAN rsync it between
partitions, and it would be viable, usable.


> Documentation for actions requiring specialized tools is rather of the
> form "use foo to add an entry to baz", e.g. in the context of GnuPG it
> would be "use gpg to add this public key to <keyring>" (which is also a
> file, but must be manipulated with specialized tools).


Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

