Bug#783497: [chdist] copies apt keys, fails to update keys, enables removed 1024bit keys by default

James McCoy jamessan at debian.org
Wed Apr 29 01:37:58 UTC 2015


On Mon, Apr 27, 2015 at 04:33:27PM +0200, Helmut Grohne wrote:
> When creating a tree with chdist, it copies the keys from the
> debian-archive-keyring package. After a while the keys are recycled, but
> chdist still uses the old ones it copied ages ago and starts to fail
> suddenly after a stable release.
> 
> Since debian-archive-keyring is almost essential (you must remove apt to
> get rid of it), it seems to make more sense to symlink those keyrings
> and have them updated when debian-archive-keyring updates.

Agreed.

> Furthermore, why does chdist copy the debian-archive-removed-keys.gpg?
> The purpose of that file is to get keys untrusted, but chdist makes apt
> trust them nonetheless.

No, it's to store keys from previous releases which aren't actively
used.  However, since chdist is intended to provide easy access to
multiple releases, debian-archive-keyring.gpg may not be valid for the
dist the user is using.

Cheers,
-- 
James
GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan at debian.org>
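
An added example, not part of the original message and not chdist's own code: a shell check that classifies each keyring in a tree's trust directory as a symlink, a current copy or a stale copy relative to the packaged keyrings, and notes when the removed-keys keyring is trusted. The directory arguments and the file contents in `demo` are constructed assumptions; the two keyring filenames are the ones named in the thread.

```shell
#!/bin/sh
# audit_keyrings TREE_DIR SYSTEM_DIR   (both paths are caller-supplied assumptions)
# Prints "<status> <name>" for every *.gpg entry in TREE_DIR:
#   symlink / symlink-broken  entry follows the packaged keyring (or dangles)
#   copy-ok / copy-stale      regular file, identical to / different from the packaged file
#   orphan                    no keyring of that name in SYSTEM_DIR
#   trusts-removed-keys       extra line when the removed-keys keyring is present
audit_keyrings() {
    tree_dir=$1; sys_dir=$2
    for f in "$tree_dir"/*.gpg; do
        if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi   # unmatched glob
        name=$(basename "$f")
        if [ -L "$f" ] && [ -e "$f" ]; then echo "symlink $name"
        elif [ -L "$f" ]; then echo "symlink-broken $name"
        elif [ ! -e "$sys_dir/$name" ]; then echo "orphan $name"
        elif cmp -s "$f" "$sys_dir/$name"; then echo "copy-ok $name"
        else echo "copy-stale $name"
        fi
        if [ "$name" = "debian-archive-removed-keys.gpg" ]; then
            echo "trusts-removed-keys $name"
        fi
    done
}

# Constructed demo: text files stand in for keyrings (no real key material).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/sys" "$work/tree"
    echo "keys-before-rotation" > "$work/sys/debian-archive-keyring.gpg"
    echo "previous-release-keys" > "$work/sys/debian-archive-removed-keys.gpg"
    # Tree creation time: one keyring copied, the other symlinked.
    cp "$work/sys/debian-archive-keyring.gpg" "$work/tree/"
    ln -s "$work/sys/debian-archive-removed-keys.gpg" "$work/tree/"
    # Later: the keyring package is updated and the archive keys change.
    echo "keys-after-rotation" > "$work/sys/debian-archive-keyring.gpg"
    audit_keyrings "$work/tree" "$work/sys"
    rm -rf "$work"
}

demo
```
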


More information about the devscripts-devel mailing list