Hi Arnaldo,

this has been put in place finally (including the key cleanup - it's the 2016 one which matters). Many non-thanks goes to the developers of apt-get, who really have done the worst possible job, not telling anyone when the signed-by stuff was actually implemented.

Causing a lot of worry on my side what compatibility mess they'd get us into. But after a lot of wasted time (which they could've easily handled once and for all by having a single line in the docs or some such) it looks reasonably safe to assume that all Debian/Ubuntu versions currently supported (including LTS) can deal with it. Just.

And we don't have time at the moment to worry about people who want to run old distributions on the host anyway.

Thanks again for the reminder...

Klaus

On 2022-02-28 16:41, Arnaldo Pirrone wrote:
Hello,

Please note that apt-key has been deprecated for a while and apt is now complaining every time it finds stuff into /etc/apt/trusted.gpg.d

so it's about time to edit the Linux_Downloads page to instruct all debian users to copy the keys into /usr/local/share/keyrings

and update the interested /etc/apt/sources.list.d file by interposing [signed-by=/usr/local/share/keyrings/oracle_vbox_2016.asc] between the keyword deb and the repository address.

I see there are actually two keys for debian, oracle_vbox_2016.asc and oracle_vbox.asc, not sure which uses which, can you please point out if they are both needed, or make a single one.

Thank you

_______________________________________________
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev

Reply via email to