Ubuntu will not ship a keyring with ubuntu uploaders keys.
The permission model in ubuntu is very different from debian and is not
based on GPG web of trust. In debian, any DD can upload any package,
thus debian-keyring make sense to keep track of all the uploader keys.
In Ubuntu, launchpad is the only thing that enforces which keys are
allowed to upload and they are scoped a lot - only a minority of keys
are allowed to upload anything, and vast majority of uploaders can only
upload individual packages or subsets of them.
I have no idea why debian choose a different name when importing our
package =/
If that is of any help, i'm happy to add Provides stanzas to help with
discovery. But I very much see no benefit in renaming this key package
in Ubuntu, given that we have not changed it since Ubuntu inception.
Note that the ubuntu-keyring package ships not only the keyring that is
used to validate APT archives, but other signed metadata as well, for
example - /pool/ on the ISOs; cdimage checksum files of ubuntu ISOs;
cloud images simplestreams metadata; cloud images checksum files; master
key for archive key rotation.
Thus naming the package (either source, of one of the binaries) as
ubuntu-archive-keyring makes no sense, as it validates more than just
the APT archive.
** Changed in: ubuntu-keyring (Ubuntu)
Status: New => Opinion
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1782641
Title:
Request: Rename "ubuntu-keyring" package to "ubuntu-archive-keyring"
for consistency with Debian
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1782641/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
