Bug#476570: apt: support for keyring pointers to drop hard-dependency on gnupg
Package: apt
Version: 0.7.11
Severity: wishlist
Hello.
I would like it to be possible somehow to drop gnupg from systems,
leaving only the (smaller) gpgv.
As I understand it, gnupg is at the moment needed because the keyring
apt uses is /etc/apt/trustdb.gpg, which has to be created/updated on
each debian-archive-keyring upload.
The idea I'm offering here is adding support in apt for an
/etc/apt/keys.d directory, that contains files like:
    % cat /etc/apt/keyfiles.d/debian-archive-keyring
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_4.0.gpg
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_5.0.gpg
Keys are shipped separately in order to retain the (current) ability to
drop some from the keyring apt uses. AFAIK, it should be possible to
pass several key files to gpgv with --keyring.
With this scheme, there would be no need for gnupg installed anymore. I
guess trusted.gpg could be retained for compatibility reasons, and maybe
as a simpler interface for local key addition, via apt-key.
Cheers,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Polar - Snow song
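
Added example (not part of the original report, and not apt code): a POSIX sh sketch of the lookup proposed above, reading pointer files from a directory and handing every listed keyring to gpgv via repeated --keyring options. The function names and the GPGV override variable are hypothetical; the directory layout is the one from the report.

```sh
#!/bin/sh
# Sketch of the pointer-file lookup proposed in the report. Not apt code.

# collect_keyrings DIR
# Emit "--keyring" and a path, one per line, for each usable entry in the
# pointer files under DIR.
collect_keyrings() {
    dir=$1
    for pointer in "$dir"/*; do
        [ -f "$pointer" ] || continue
        while IFS= read -r path || [ -n "$path" ]; do
            case $path in
                '') continue ;;   # blank line
                /*) ;;            # absolute path: accept
                *)  # gpgv looks up names without a slash in its home
                    # directory; require absolute paths so each entry
                    # names exactly one file.
                    echo "skipping non-absolute entry: $path" >&2
                    continue ;;
            esac
            if [ -r "$path" ]; then
                printf '%s\n' --keyring "$path"
            else
                # Dropped or not-yet-installed keyring: warn and carry on.
                echo "skipping unreadable keyring: $path" >&2
            fi
        done < "$pointer"
    done
}

# verify_with_pointers DIR SIGNATURE FILE
# GPGV is a hypothetical override for the verifier binary (default: gpgv).
verify_with_pointers() {
    dir=$1 sig=$2 data=$3
    set --
    while IFS= read -r arg; do
        if [ -n "$arg" ]; then set -- "$@" "$arg"; fi
    done <<EOF
$(collect_keyrings "$dir")
EOF
    # Refuse to run gpgv with no keyring rather than fall back to a default.
    [ $# -gt 0 ] || { echo "no usable keyrings in $dir" >&2; return 2; }
    "${GPGV:-gpgv}" "$@" "$sig" "$data"
}
```

Usage: verify_with_pointers /etc/apt/keyfiles.d Release.gpg Release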