Am 18.07.23 um 11:36 schrieb Andrew Ruthven:
Apt will then trust all the keyrings in
/etc/apt/trusted.gpg.d . This isn't really ideal, and I'd prefer to use
Signed-By to specify which GPG keyring to trust for our various additional
repositories.
Just out of curiosity:
What security benefit do you achieve by demanding that a certain repo is
signed by a specific key?
Best
Christopher
--
Christopher Huhn
Linux & web group
IT department
GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
Planckstr. 1, 64291 Darmstadt, https://www.gsi.de/
Sitz der Gesellschaft / Registered Office: Darmstadt
Handelsregister / Commercial Register:
Amtsgericht Darmstadt, HRB 1528
Geschaeftsfuehrung / Managing Directors:
Professor Dr. Paolo Giubellino, Joerg Blaurock
Vorsitzender des GSI-Aufsichtsrates /
Chairman of the GSI Supervisory Board:
Ministerialdirigent Dr. Volkmar Dietz
