David Bremner <[email protected]> writes: > Julian Andres Klode <[email protected]> writes: >> >> The Release.gpg must be ASCII armored, as documented in: >> >> https://wiki.debian.org/DebianRepository/Format#A.22Release.22_files >> >> Following the recent CVE, checks where added that the Release.gpg >> contains only such signatures, to prevent hiding packages (or other >> things for that matter) in there. > > OK, good to know there's an easy fix. Should the documentation for > apt-key ("SUPPORTED KEYRING FILES") be updated? I'm not very happy with > the wiki as the primary/only documentation. >
Sorry, I was confused about what is required to be ascii armoured. apt-key is presumably not relevant here. d
