On Thu, Nov 24, 2016 at 10:47:00AM -0600, David Lechner wrote: > Your suggestion is not entirely clear to me though. When you say: > > > Report it to them. They are the ones doing it wrong. There has been > a better replacement for years. > > I assume that "they" means people/projects using apt-key. And, I assume > "doing it wrong" means using the apt-key command. What is this "better > replacement" for apt-key? You don't need apt-key to add a key to the trusted set. You just drop a keyring file into /etc/apt/trusted.gpg.d/whatever-you-like.gpg and be happy. That is not only easier for you to add and for us to deal with, but its also easier for you to remove if you ever need to. Hardly any keyring package performed a proper cleanup because its hard… Nowadays apt-key is really a tool which should only be used by a 'real' user – and 99% of users will never need it (or at least shouldn't be forced by 6+ years outdated advice to use it). Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature