AFAICS this is fixed in 2017.7.ubuntu1:
debian-archive-keyring (2017.7ubuntu1) bionic; urgency=medium
* Do not trust debian archive keys by default, and instead ship those
keys in usr/share/keyrings. On Ubuntu, this package is mostly used for
validating chroots when debootstrapping Debian using
/usr/share/keyrings/debian-archive-keyring.gpg
-- Dimitri John Ledkov <[email protected]> Tue, 16 Jan 2018 16:52:37
+0000
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1685305
Title:
Debian keys should not be trusted by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1685305/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
