[Touch-packages] [Bug 1752656] Re: Please SRU archive keyrings to older releases
SRU of debian keyring is also somehow counter productive. Most likely usecase is to debootstrap unstable chroot. And for that to be done correctly, often enough most recent debootstrap from debian is required as otherwise the debootstrap might not complete, or complete incorrectly (see all the recent usrmerge changes and flip-flops). Similarly in Ubuntu keyring we have similar issue with debootstrap. However we are trying to maintain as large overlap window as possible. But it is impractical to SRU all keyrings ever, to all releases ever. Thus this item is won't fix. ** Changed in: ubuntu-keyring (Ubuntu) Status: New => Won't Fix ** Changed in: debian-archive-keyring (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1752656 Title: Please SRU archive keyrings to older releases Status in debian-archive-keyring package in Ubuntu: Won't Fix Status in ubuntu-keyring package in Ubuntu: Won't Fix Bug description: While not necessarily a critical issue for the Ubuntu keyrings, as Debian uses newer keys periodically, it becomes impossible with the default keyrings to verify the latest Debian archive files. It seems reasonable to ensure the keyring contents in all releases are the same, as the latest release is reflecting the latest archives. Related: bug 1801725 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1752656/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752656] Re: Please SRU archive keyrings to older releases
Note that SRUing debian-archive-keyring to xenial and earlier is hard, because its keyring generation code relies on gpg features that were added after bionic, and avoiding those features would break reproducibility of the generated keyring files and invalidate the signatures by Debian release team members. If we need to do this it's possible the only sensible option would be to smash in the generated files. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1752656 Title: Please SRU archive keyrings to older releases Status in debian-archive-keyring package in Ubuntu: New Status in ubuntu-keyring package in Ubuntu: New Bug description: While not necessarily a critical issue for the Ubuntu keyrings, as Debian uses newer keys periodically, it becomes impossible with the default keyrings to verify the latest Debian archive files. It seems reasonable to ensure the keyring contents in all releases are the same, as the latest release is reflecting the latest archives. Related: bug 1801725 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1752656/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1752656] Re: Please SRU archive keyrings to older releases
** Description changed: While not necessarily a critical issue for the Ubuntu keyrings, as Debian uses newer keys periodically, it becomes impossible with the default keyrings to verify the latest Debian archive files. It seems reasonable to ensure the keyring contents in all releases are the same, as the latest release is reflecting the latest archives. + + Related: bug 1801725 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1752656 Title: Please SRU archive keyrings to older releases Status in debian-archive-keyring package in Ubuntu: New Status in ubuntu-keyring package in Ubuntu: New Bug description: While not necessarily a critical issue for the Ubuntu keyrings, as Debian uses newer keys periodically, it becomes impossible with the default keyrings to verify the latest Debian archive files. It seems reasonable to ensure the keyring contents in all releases are the same, as the latest release is reflecting the latest archives. Related: bug 1801725 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1752656/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
