On Sat, Oct 29, 2011 at 03:46:18PM +0300, Eugene V. Lyubimkin wrote: > I wanted to do it this way from the very start but I could not since > /etc/apt/trusted.gpg is somewhy readable only by root. Bug's filed > (veeery late though). > > If the new keyring file installed by debian-archive-keyring/experimental > (I didn't have a chance to play with it yet) installs a world-readable > keyring, this would be a good start towards the goal (as for me).
As long as it's a symlink, it will point to a world-readable file. Due to oddnesses in apt-key it will let gpg move the symlink to debian-archive-keyring.gpg~ and generate a new keyring at the old location. That one might or might not be world-readable. But that should really be fixed so that it's always readable. (You might want to mimick the logic in apt to ignore certain file extensions, though.) Kind regards Philipp Kern
signature.asc
Description: Digital signature