*** This bug is a security vulnerability ***
Public security bug reported:
Instead of shipping a single keyring with 4 keys, ship each key
individually in trusted.gpg.d and do not call apt-key update at all.
Remove keys from /etc/apt/trusted.gpg
This is similar to changes done in debian-archive-keyring 2012.1 upload.
** Affects: ubuntu-keyring (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "ubuntu-keyring_2016.09.16.debdiff.asc"
https://bugs.launchpad.net/bugs/1624408/+attachment/4742035/+files/ubuntu-keyring_2016.09.16.debdiff.asc
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1624408
Title:
ubuntu-keyring migrate to fragment files
Status in ubuntu-keyring package in Ubuntu:
New
Bug description:
Instead of shipping a single keyring with 4 keys, ship each key
individually in trusted.gpg.d and do not call apt-key update at all.
Remove keys from /etc/apt/trusted.gpg
This is similar to changes done in debian-archive-keyring 2012.1
upload.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1624408/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
