
Re: Duration of support for "apt-key add" & how to get Ansible to migrate away from using it



On Tue, Apr 23, 2019 at 05:05:17PM +0100, James Youngman wrote:
> Ansible still uses "apt-key add" to add keys. I asked the Ansible team
> to consider moving to just placing new keys in /etc/apt/trusted.gpg.d/ in
> this GitHub issue: https://github.com/ansible/ansible/issues/55590 (I
> suggested this because it's the guidance offered in the current apt-key
> manpage).
> 
> However, the Ansible team is concerned that changing approach will make it
> impossible to use Ansible to add keys to older Debian releases which lack
> support for /etc/apt/trusted.gpg.d/.  I don't know how old such a release
> would need to be for this to matter, though. I'm also not privy to the
> future plans of the APT maintainers, so I don't know how long to expect
> "apt-key add" to continue to be supported.
> 
> If Ansible doesn't migrate until "apt-key add" actually stops working, then
> Ansible users will end up with broken playbooks. Could someone from the
> APT team comment on the bug with a view to agreeing how & when to migrate?

JFTR:

apt-key add stopped working in stretch, unless you also install gnupg on the
system. Hence, you cannot rely on it anyway.

The next step I guess is moving apt-key to /usr/lib/apt, and eventually
removing the functionality. But no time frame on that; it might be next
week or next decade.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
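
Added example (not part of the original thread, and not Ansible's or APT's own code): one way to place a key in /etc/apt/trusted.gpg.d/ without apt-key or gnupg installed. The function name, its parameters and the sample key are hypothetical and constructed; the .asc branch assumes apt >= 1.4 (stretch or later), which reads ASCII-armored keys from that directory.

```shell
#!/bin/sh
# install_apt_key SRC NAME [DEST_DIR]  (hypothetical helper, added example)
# Installs an OpenPGP public key as an apt trust anchor without apt-key/gpg.
install_apt_key() {
    src=$1 name=$2 dest=${3:-/etc/apt/trusted.gpg.d}
    [ -s "$src" ] || { echo "empty or missing key file: $src" >&2; return 1; }
    # Refuse names that could escape DEST_DIR (slashes, leading dot, etc.).
    case $name in
        ''|*[!A-Za-z0-9_.-]*|.*) echo "bad key name: $name" >&2; return 1 ;;
    esac
    # apt expects armored keys in *.asc and binary keyrings in *.gpg.
    head36=$(head -c 36 "$src" | tr -d '\000')
    byte1=$(od -An -tx1 -N1 "$src" | tr -d ' \n')
    if [ "$head36" = '-----BEGIN PGP PUBLIC KEY BLOCK-----' ]; then
        ext=asc
    else
        # A binary keyring starts with a public-key packet (tag 6):
        # 0x98/0x99/0x9a old format, 0xc6 new format. This rejects
        # keybox files and secret-key exports.
        case $byte1 in
            98|99|9a|c6) ext=gpg ;;
            *) echo "not an OpenPGP public key: $src" >&2; return 1 ;;
        esac
    fi
    # Write to a temp file in the target directory, then rename, so apt
    # never reads a half-written keyring. Mode 0644 so apt's unprivileged
    # verification user can read it.
    tmp=$(mktemp "$dest/.tmp-key.XXXXXX") || return 1
    if cat "$src" > "$tmp" && chmod 0644 "$tmp" \
        && mv -f "$tmp" "$dest/$name.$ext"; then
        echo "$dest/$name.$ext"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on a constructed armored block (placeholder body, not a real key),
# written to a scratch directory instead of /etc/apt/trusted.gpg.d.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'Y29uc3RydWN0ZWQ=' \
    '-----END PGP PUBLIC KEY BLOCK-----' > "$demo_dir/vendor.in"
install_apt_key "$demo_dir/vendor.in" example-vendor "$demo_dir"
rm -rf "$demo_dir"
```

The function only checks the container format; whether the key is the right one still has to be established out of band, for example by comparing its fingerprint with one published by the repository owner.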

