On Sun, Aug 22, 2010 at 03:11:19PM +0200, Carsten Hey wrote:
>  * Placing packaged keyrings in, e.g., /var/lib/apt/trusted.gpg.d/ might
>    be preferable to using /etc/; on the other side, above-mentioned
>    description sounds like /etc/ is intended to be used for this.

Or symlinks, so that the admin could deactivate some.  (But then, why should
they be installed in the first place.)

> This is unrelated, but filing a bug for something that is probably by
> intention (to make apt's ability to be able to verify signatures less
> fragile) did not sound useful.  debian-archive-keyring does not remove
> the key in its prerm, unlike debian-backports-keyring:
> 
> | case "$1" in
> |     remove|purge)
> |         if [ -x /usr/bin/apt-key ]; then
> |                 /usr/bin/apt-key del 12345678
> |         fi
> |         ;;
> | esac

Hm, interesting.  It seems that d-a-k misses a call to `apt-key update'
as a postrm script.  Would you mind filing a bug about that?

Apart from that, key removals on upgrade are handled by calling `apt-key
update' in the postinst, so we just pass in the removed keys keyring which
is handled internally (and specially) by apt-key itself.

Kind regards,
Philipp Kern
 
