Hi Arnaldo,
this has been put in place finally (including the key cleanup - it's the
2016 one which matters). Many non-thanks goes to the developers of
apt-get, who really have done the worst possible job, not telling anyone
when the signed-by stuff was actually implemented.
Causing a lot of worry on my side what compatibility mess they'd get us
into. But after a lot of wasted time (which they could've easily handled
once and for all by having a single line in the docs or some such) it
looks reasonably safe to assume that all Debian/Ubuntu versions
currently supported (including LTS) can deal with it. Just.
And we don't have time at the moment to worry about people who want to
run old distributions on the host anyway.
Thanks again for the reminder...
Klaus
On 2022-02-28 16:41, Arnaldo Pirrone wrote:
Hello,
Please note that apt-key has been deprecated for a while and apt is now
complaining every time it finds stuff into /etc/apt/trusted.gpg.d
so it's about time to edit the Linux_Downloads page to instruct all
debian users to copy the keys into /usr/local/share/keyrings
and update the interested /etc/apt/sources.list.d file by interposing
[signed-by=/usr/local/share/keyrings/oracle_vbox_2016.asc] between the
keyword deb and the repository address.
I see there are actually two keys for debian, oracle_vbox_2016.asc and
oracle_vbox.asc, not sure which uses which, can you please point out if
they are both needed, or make a single one.
Thank you
_______________________________________________
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev