]] Helmut Grohne > Using regular files might be easier to implement, because shipping those > files in /etc makes them conffiles. Using symbolic links may be a > cleaner solution. Using more files provides more (or easier) flexibility > to the user and therefore seems preferable even though it causes more > work. In order to support the current apt-key the > debian-archive-removed-keys.gpg would need to include all present keys > (and thus clean trusted.gpg). The change would again loose user > configuration, but this seems unavoidable to me.
Well, it would be reasonable to: ship all keys in keyring package, as symlinks or files in /etc for each key in $shipped_keyring: if key not present in /etc/apt/trusted.gpg and we're upgrading from $flag_version remove /etc/apt/trusted.gpg.d/$key (if it's the right key) This will preserve user changes just fine, AFAICS? -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org