> What about having the package extrepo-offline-data frequently updated
> automatically and use that by default?

Looking at the release history, it doesn't look like this would work very
well in practice: https://tracker.debian.org/pkg/extrepo-data

The updated Brave key is in 1.0.4 but stable only received 1.0.3 six months
ago and that's metadata from 2022.

In other words, it means that external repos need to plan their key
rotations several years in advance in order for Debian users to continue to
get uninterrupted security updates.

Francois

-- 
https://fmarier.org/
