Hi

Who do I have to badger to get the obsolete and frankly dangerous Debian repo 
instructions fixed @ https://www.postgresql.org/download/linux/debian/ ? 

The manner proposed is really "not the done thing" in 2024 and it has been 
explicitly obsoleted by Debian so the project really should not be promoting it 
as a supported manner to do things.

TL;DR: You should not be using blindly trusting keys for all repos (which is 
what apt-key add does).  See : 
https://wiki.debian.org/DebianRepository/UseThirdParty


Something like this is the way it should be done:


# Install GPG Certcurl -fsSL 
"https://www.postgresql.org/media/keys/ACCC4CF8.asc"; \
    | gpg --dearmor \
    | sudo sponge /etc/apt/keyrings/postgresql.gpg
# Create source list file
. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] 
https://apt.postgresql.org/pub/repos/apt ${VERSION_CODENAME}-pgdg main" \
    | doas sponge /etc/apt/sources.list.d/postgresql.list
## Install
doas apt-get update && apt-get -y install postgresql






Reply via email to