SRU of debian keyring is also somehow counter productive. Most likely
usecase is to debootstrap unstable chroot. And for that to be done
correctly, often enough most recent debootstrap from debian is required
as otherwise the debootstrap might not complete, or complete incorrectly
(see all the
Note that SRUing debian-archive-keyring to xenial and earlier is hard,
because its keyring generation code relies on gpg features that were
added after bionic, and avoiding those features would break
reproducibility of the generated keyring files and invalidate the
signatures by Debian release
** Description changed:
While not necessarily a critical issue for the Ubuntu keyrings, as
Debian uses newer keys periodically, it becomes impossible with the
default keyrings to verify the latest Debian archive files.
It seems reasonable to ensure the keyring contents in all releases
3 matches
Mail list logo