Bug#558784: status of this bug?
]] Helmut Grohne
> Using regular files might be easier to implement, because shipping those
> files in /etc makes them conffiles. Using symbolic links may be a
> cleaner solution. Using more files provides more (or easier) flexibility
> to the user and therefore seems preferable even though it causes more
> work. In order to support the current apt-key the
> debian-archive-removed-keys.gpg would need to include all present keys
> (and thus clean trusted.gpg). The change would again loose user
> configuration, but this seems unavoidable to me.
Well, it would be reasonable to:
ship all keys in keyring package, as symlinks or files in /etc
for each key in $shipped_keyring:
if key not present in /etc/apt/trusted.gpg and we're upgrading from $flag_version
remove /etc/apt/trusted.gpg.d/$key (if it's the right key)
This will preserve user changes just fine, AFAICS?
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: