*** This bug is a security vulnerability *** Public security bug reported:
Instead of shipping a single keyring with 4 keys, ship each key individually in trusted.gpg.d and do not call apt-key update at all. Remove keys from /etc/apt/trusted.gpg This is similar to changes done in debian-archive-keyring 2012.1 upload. ** Affects: ubuntu-keyring (Ubuntu) Importance: Undecided Status: New ** Patch added: "ubuntu-keyring_2016.09.16.debdiff.asc" https://bugs.launchpad.net/bugs/1624408/+attachment/4742035/+files/ubuntu-keyring_2016.09.16.debdiff.asc -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu. https://bugs.launchpad.net/bugs/1624408 Title: ubuntu-keyring migrate to fragment files Status in ubuntu-keyring package in Ubuntu: New Bug description: Instead of shipping a single keyring with 4 keys, ship each key individually in trusted.gpg.d and do not call apt-key update at all. Remove keys from /etc/apt/trusted.gpg This is similar to changes done in debian-archive-keyring 2012.1 upload. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1624408/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp