On Thu, Jan 21, 2021 at 10:22:59AM -0500, Antoine Beaupré wrote: > Could we make that /usr/share/keyrings and talk about `signed-by` in > sources.list entries? I've been trying really hard to convince people to > stop granting random repos the capacity of impersonating official Debian > repos for years now, through those instructions: > > https://wiki.debian.org/DebianRepository/UseThirdParty > > It would be great to make that more official here... > > Thanks for the deprecation, in any case, I think it's a great move forward! >
We don't yet have sensible ways to do this, really. Dropping files into /usr is bad practice, and we don't provide a directory to store keys in /etc. Well maybe they should be in /usr/local/share/keyrings? I don't know, it's hard to say. My goal would be to migrate to deb822 sources files with keys embedded in them eventually, that would solve all issues; but it's blocked by python-apt's aptsources package and all its consumers which all need to be changed to be able to understand deb822. -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
