Bug#476570: apt: support for keyring pointers to drop hard-dependency on gnupg



Package: apt
Version: 0.7.11
Severity: wishlist

Hello.

I would like it to be possible somehow to drop gnupg from systems,
leaving only the (smaller) gpgv.

As I understand it, gnupg is at the moment needed because the keyring
apt uses is /etc/apt/trustdb.gpg, which has to be created/updated on
each debian-archive-keyring upload.

The idea I'm offering here is adding support in apt for an
/etc/apt/keys.d directory, that contains files like:
    
    % cat /etc/apt/keyfiles.d/debian-archive-keyring
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_4.0.gpg
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_5.0.gpg

Keys are shipped separately in order to retain the (current) ability to
drop some from the keyring apt uses. AFAIK, it should be possible to
pass several key files to gpgv with --keyring.

With this scheme, there would be no need for gnupg installed anymore. I
guess trusted.gpg could be retained for compatibility reasons, and maybe
as a simpler interface for local key addition, via apt-key.

Cheers,

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org
 
                                         Listening to: Polar - Snow song
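
An added example, not part of the original report and not apt's code: a shell sketch of how pointer files like the one above could be expanded into repeated gpgv --keyring options. The function names are hypothetical, the pointer directory is passed as a parameter, and the format (one absolute keyring path per line) is assumed from the sample in the report.

```shell
#!/bin/sh
# Added illustration (not apt code). Assumed pointer-file format, as in the
# report: one absolute keyring path per line.

# keyring_args DIR: print "--keyring" and each usable path on separate lines.
# Returns 1 when nothing usable is found, so the caller fails closed.
keyring_args() {
    dir=$1
    found=0
    for pointer in "$dir"/*; do
        [ -f "$pointer" ] || continue
        # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
        while IFS= read -r path || [ -n "$path" ]; do
            case $path in
                '') continue ;;
                /*) ;;
                *)  # gpgv looks up slash-less names in its home directory
                    echo "skipping non-absolute entry: $path" >&2
                    continue ;;
            esac
            if [ -f "$path" ] && [ -r "$path" ]; then
                printf '%s\n%s\n' --keyring "$path"
                found=1
            else
                echo "skipping missing keyring: $path" >&2
            fi
        done < "$pointer"
    done
    [ "$found" -eq 1 ]
}

# verify_with_pointers DIR SIGFILE DATAFILE (hypothetical helper):
# run gpgv with every keyring the pointer files name.
verify_with_pointers() {
    args=$(keyring_args "$1") || return 1
    sig=$2 data=$3
    old_ifs=$IFS
    IFS='
'
    set -f                      # no globbing while splitting on newlines
    set -- $args
    set +f
    IFS=$old_ifs
    gpgv "$@" "$sig" "$data"
}
```

Returning failure when no keyring resolves means a pointer directory that is empty or names only missing files stops verification instead of running gpgv without the intended keyrings.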



