On Mon, Apr 27, 2015 at 04:33:27PM +0200, Helmut Grohne wrote: > When creating a tree with chdist, it copies the keys from the > debian-archive-keyring package. After a while the keys are recycled, but > chdist still uses the old ones it copied ages ago and starts to fail > suddenly after a stable release. > > Since debian-archive-keyring is almost essential (you must remove apt to > get rid of it), it seems to make more sense to symlink those keyrings > and have them updated when debian-archive-keyring updates.
Agreed. > Furthermore, why does chdist copy the debian-archive-removed-keys.gpg? > The purpose of that file is to get keys untrusted, but chdist makes apt > trust them nonetheless. No, it's to store keys from previous releases which aren't actively used. However, since chdist is intended to provide easy access to multiple releases, debian-archive-keyring.gpg may not be valid for the dist the user is using. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <james...@debian.org>
signature.asc
Description: Digital signature