Bug#558784: apt: re-adds removed keys
reopen 558784
thanks
]] David Kalnischkies
| While I could agree with you on a (very high) metalevel that this could
| be a valid configuration change, I have a few very simple practical
| reasons why not:
|
| - first of all: /etc/apt/trusted.gpg is not a configuration file
| [in the dpkg sense]. Yes, it looks like one as it is in /etc, and it is in
| some ways a configuration file, but not directly if you compare it to
| "normal" configuration files like xorg.conf.
Yes, it's a configuration file. If it's not, this is an FHS violation,
as only configuration files should be in /etc. Dpkg does not have a
concept of configuration files; it has a concept of conffiles, which are
shipped in the package. The trusted.gpg file is not a conffile. That
it is not a text file is irrelevant here.
/etc/ssl/certs/ca-certificates.crt isn't a normal text file you
sit down and configure either.
As to whether it's a valid configuration change: why is it not? Why is
adding more keys to the keyring valid if removing keys is not? Why does
even apt-key provide a «remove» command if that's not a valid change of
configuration?
| - apt depends on debian-archive-keyring. So it explicitly says that it
| requires the complete keyring to work correctly. An administrator who
| removes parts of this keyring therefore doesn't make a valid configuration
| change; he breaks the dependency apt has, causing apt to do possibly
| strange things (behavior of applications with broken dependencies is
| undefined), including reimporting the keyring to fix it.
| (A segfault would also be possible.)
The dependency isn't broken: I have d-a-k installed on the system, and apt
and apt-key can access that keyring just fine; if not, apt-key update
would not work.
If an application segfaults because of a missing key in a keyring,
that's surely a bug in the package; this whole argument sounds like a
strawman to me.
| - A keyring is a keyring because the keys together form a ring of trust.
| If you don't trust a key in the ring, you can't trust the keyring
| (if this weren't the case, a keyring should be called a "loosely coupled
| group of keys"), so if you remove a key you effectively remove the keyring.
| This is disallowed by the dependency (as said in the previous point).
No. GPG has a trust database where I can tell it how much I trust the
various keys. That does not have anything to do with whether they are
in a single file or not.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are