Bug#845507: closed by Julian Andres Klode <jak@debian.org> (Re: Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key)

To: David Kalnischkies <david@kalnischkies.de>, 845507@bugs.debian.org
Subject: Bug#845507: closed by Julian Andres Klode <jak@debian.org> (Re: Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key)
From: David Lechner <david@lechnology.com>
Date: Mon, 28 Nov 2016 11:09:03 -0600
Message-id: <[🔎] e254dd60-f5a6-e2b6-06a1-64a1c5f0c6d7@lechnology.com>
Reply-to: David Lechner <david@lechnology.com>, 845507@bugs.debian.org
In-reply-to: <[🔎] 20161125105745.l22paixku2r7gksa@crossbow>
References: <20161124073840.GA21844@debian.org> <[🔎] 1f1ccb63-cd7c-5040-ac04-a6214afd0f39@lechnology.com> <handler.845507.D845507.147997029626161.notifdone@bugs.debian.org> <[🔎] 5a2b0bee-8e1d-1e0e-fc6d-f12de0547d22@lechnology.com> <[🔎] 20161125105745.l22paixku2r7gksa@crossbow>

On 11/25/2016 04:57 AM, David Kalnischkies wrote:

On Thu, Nov 24, 2016 at 10:47:00AM -0600, David Lechner wrote:

Your suggestion is not entirely clear to me though. When you say:

Report it to them. They are the ones doing it wrong. There has been

a better replacement for years.

I assume that "they" means people/projects using apt-key. And, I assume
"doing it wrong" means using the apt-key command. What is this "better
replacement" for apt-key?


You don't need apt-key to add a key to the trusted set. You just drop
a keyring file into /etc/apt/trusted.gpg.d/whatever-you-like.gpg and be
happy.

That is not only easier for you to add and for us to deal with, but its
also easier for you to remove if you ever need to. Hardly any keyring
package performed a proper cleanup because its hard…


Nowadays apt-key is really a tool which should only be used by a 'real'
user – and 99% of users will never need it (or at least shouldn't be
forced by 6+ years outdated advice to use it).


Best regards

David Kalnischkies

Thanks! I have seen exactly zero blogs/stackexchange answers/wiki pagesthat suggest using /etc/apt/trusted.gpg.d/ vs. many, many pages thatsuggest using apt-key. I will do what I can to change that.

Reply to:

References:
- Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key
  - From: David Lechner <david@lechnology.com>
- Bug#845507: closed by Julian Andres Klode <jak@debian.org> (Re: Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key)
  - From: David Lechner <david@lechnology.com>
- Bug#845507: closed by Julian Andres Klode <jak@debian.org> (Re: Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key)
  - From: David Kalnischkies <david@kalnischkies.de>

Prev by Date: Bug#845965: Remove my email
Next by Date: Bug#440057: memory leaks in apt-transport-https - unanswered since 9 years
Previous by thread: Bug#845507: closed by Julian Andres Klode <jak@debian.org> (Re: Bug#845507: having gnupg as Recommends instead of Depends breaks apt-key and tools that use apt-key)
Next by thread: Bug#845563: apt-get update which ends up in grub-probe loops near Stack.pm uninitialized value
Index(es):
- Date
- Thread