Bug#1094263: apt: Do we really want Signed-By for official Debian archive sources?
Package: apt
Version: 2.9.25
Severity: normal
Hello,
In my unstable chroot, I'm now getting
Notice: Missing Signed-By in the sources.list(5) entry for 'http://ftp.fr.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'http://ftp.fr.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'http://deb.debian.org/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'http://incoming.debian.org/debian-buildd'
Notice: Missing Signed-By in the sources.list(5) entry for 'http://incoming.debian.org/debian-buildd'
Notice: Consider migrating all sources.list(5) entries to the deb822 .sources format
Notice: The deb822 .sources format supports both embedded as well as external OpenPGP keys
Notice: See apt-secure(7) for best practices in configuring repository signing.
(note: apparently it shouldn't be apt-secure(7), but apt-secure(8))
These sources:
deb http://ftp.fr.debian.org/debian/ sid main contrib non-free
deb http://ftp.fr.debian.org/debian/ experimental main contrib non-free
deb http://deb.debian.org/debian/ sid main contrib non-free
deb http://deb.debian.org/debian/ experimental main contrib non-free
deb http://incoming.debian.org/debian-buildd buildd-sid main contrib non-free
deb http://incoming.debian.org/debian-buildd buildd-experimental main contrib non-free
are all just plain official Debian archive sources. It's not even
clear which Signed-By I would be supposed to use. Apparently giving
signed-by=/usr/share/keyrings/debian-archive-keyring.gpg does avoid
the warning, but shouldn't that already be some default? As it is now,
upgrading apt will make all users have to add that on *all* their
systems to fix the warning, do we really want that?
Samuel
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'oldstable-proposed-updates-debug'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 6.13.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt depends on:
ii adduser 3.137
ii base-passwd 3.6.6
ii debian-archive-keyring 2023.4
ii libapt-pkg6.0t64 2.9.23
ii libc6 2.40-5
ii libgcc-s1 15-20241220-1
ii libseccomp2 2.5.5-2
ii libssl3t64 3.4.0-2
ii libstdc++6 15-20241220-1
ii libsystemd0 257.2-1
ii sqv 1.2.1-5
Versions of packages apt recommends:
ii ca-certificates 20241223
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.13-6.1
ii dpkg-dev 1.22.11
ii gnupg 2.2.46-1
ii gnupg1 1.4.23-3
ii gnupg2 2.2.46-1
ii powermgmt-base 1.38
ii synaptic 0.91.4
-- no debconf information
--
Samuel
mdiym42: note to self
mdiym42: make sure your cat is not sleeping in the bass drum before you start playing them
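Added example, not part of the original report and not apt's own code: a Python sketch that parses one-line sources.list(5) entries like those in the report, lists the ones lacking signed-by, and emits deb822 stanzas carrying Signed-By. The default keyring is the path quoted in the report; the third sample entry (repo.example, /etc/apt/keyrings/example.gpg) is constructed, and only the signed-by and arch options are handled.

```python
import re

# Assumption: keyring path quoted in the report (from debian-archive-keyring).
KEYRING = "/usr/share/keyrings/debian-archive-keyring.gpg"
FIELDS = {"signed-by": "Signed-By", "arch": "Architectures"}  # options handled here
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")
# Two entries from the report plus one constructed entry that already has options.
SAMPLE = """\
deb http://deb.debian.org/debian/ sid main contrib non-free
deb http://deb.debian.org/debian/ experimental main contrib non-free
deb [arch=amd64,i386 signed-by=/etc/apt/keyrings/example.gpg] http://repo.example/apt stable main
"""

def parse(text):
    """Parse one-line sources.list entries; blank lines and comments are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparsable entry: {raw!r}")
        opts = dict(o.split("=", 1) for o in (m.group(2) or "").split())
        if set(opts) - set(FIELDS):
            raise ValueError(f"option not handled by this sketch: {raw!r}")
        entries.append({"type": m.group(1), "opts": opts, "uri": m.group(3),
                        "suite": m.group(4), "components": m.group(5).split()})
    return entries

def missing_signed_by(entries):
    """Entries with no signed-by option, the condition the notice names."""
    return [(e["uri"], e["suite"]) for e in entries if "signed-by" not in e["opts"]]

def to_deb822(entries, keyring=KEYRING):
    """Emit deb822 stanzas, merging entries that differ only in suite."""
    groups = {}
    for e in entries:
        opts = {"signed-by": keyring, **e["opts"]}  # keep an explicit key if set
        key = (e["type"], e["uri"], tuple(e["components"]), tuple(sorted(opts.items())))
        groups.setdefault(key, []).append(e["suite"])
    out = []
    for (typ, uri, comps, opts), suites in groups.items():
        head = [f"Types: {typ}", f"URIs: {uri}", f"Suites: {' '.join(suites)}",
                f"Components: {' '.join(comps)}"]
        out.append("\n".join(head + [f"{FIELDS[k]}: {v.replace(',', ' ')}" for k, v in opts]))
    return "\n\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_deb822(parse(SAMPLE)))
```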