Your message dated Fri, 5 Nov 2010 19:18:38 +0100
with message-id <[email protected]>
and subject line Close: apt: support for keyring pointers to drop
hard-dependency on gnupg
has caused the Debian Bug report #476570,
regarding apt: support for keyring pointers to drop hard-dependency on gnupg
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
476570: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476570
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apt
Version: 0.7.11
Severity: wishlist
Hello.
I would like to see somehow to be possible to drop gnupg from systems,
leaving only the (smaller) gpgv.
As I understand it, gnupg is at the moment needed because the keyring
apt uses is /etc/apt/trustdb.gpg, which has to be created/updated on
each debian-archive-keyring upload.
The idea I'm offering here is adding support in apt for an
/etc/apt/keys.d directory, that contains files like:
% cat /etc/apt/keyfiles.d/debian-archive-keyring
/usr/share/debian-archive-keyring/ftp.debian.org-debian_4.0.gpg
/usr/share/debian-archive-keyring/ftp.debian.org-debian_5.0.gpg
Keys are shipped separately in orden to retain the (current) ability to
drop some from the keyring apt uses. AFAIK, it should be possible to
pass several key files to gpgv with --keyring.
With this scheme, there would be no need for gnupg installed anymore. I
guess trusted.gpg could be retained for compatibility reasons, and maybe
as a simpler interface for local key addition, via apt-key.
Cheers,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Polar - Snow song
--- End Message ---
--- Begin Message ---
Version: 0.8.2
Something similar to what is requested here was implemented with 0.7.25.1
as we have now a /etc/apt/trusted.gpg.d file in which keyrings can be dropped
instead of added to the trusted.gpg file with apt-key (see also #304846).
The fixed version above is higher as the initial implementation didn't had
e.g. support in cdrom and a few other (more or less) minor problems.
The effect is at least that squeeze will ship with support for it, so that we
can work in wheezy on softly switching to it for the archive keys available.
See #558784 for details on that and why its good (beside a dropped gnupg).
Best regards
David Kalnischkies
--- End Message ---
