Bug#558784: apt: re-adds removed keys
]] David Kalnischkies
| I still don't think it is a real bug as APT has a hard dependency on
| debian-archive-keyring ~ it doesn't recommend this keys, it says:
| You must have ALL these keys installed to use APT correctly and
| on the other hand i see no reason why someone want to remove a
| key from the debian-archive-keyring which would be not better be
| done by the package itself for all users…
| (we could questioning the dependency itself now of course)
Let's agree to disagree about this? :-)
[...]
| The big advantage is that we would no longer need apt-key and
| therefore gpg to add/remove keys to apt's trusted keyring:
| Simple mv, cp & rm would be enough for managing, gpgv for usage and
| gnupg could be dropped from Priority:important-list (see #387688).
Oh, this is great news.
| The small advantage for you would be that this fragment files could
| be real dpkg conf-files and neither apt nor debian-archive-keyring would need
| special code (aka apt-key update) to ensure a correctly setupped keyring.
|
| The files are still binary files so dpkgs conffile handling wouldn't be that
| helpful, but at least the md5sum mismatch would be noticeable…
| (Yes, binary is required here as gpgv only supports the binary format)
| On the other hand the keyrings could be fragmented in
| debian-archive-keyring-lenny.gpg, debian-archive-keyring-squeeze.gpg,
| whatever.gpg so the situation would be in 99% of all cases
| a removed conffile instead of a modified… (if modified at all).
Sure, binary files in /etc is somewhat icky from a diff(1) point of
view, but I at least can live with that.
| Oh, and yes, after that apt could lower the debian-archive-keyring
| dependency to recommends as it wouldn't need to set it up any longer,
| but i would like to defer this discussion to some point after squeeze…
Works for me.
Thanks for your work on this. :-)
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: