On Fri 2017-05-26 11:42:06 -0400, Daniel Kahn Gillmor wrote: > On Thu 2017-05-25 19:35:42 +0100, Adam D. Barratt wrote: >> After a little discussion during last night's team meeting, I'm afraid >> that the consensus appears to be that at this stage of the freeze we >> shouldn't be making changes that aren't directly related to updating the >> set of trusted keys. > > well, i hope we can work something out for buster.
Just a ping on this: can we start with having debian-archive-keyring
ship a copy of the keys as individual keys in /usr/share/keyrings/ ?
even if it leaves the keys in /etc/apt/trusted.gpg.d for now, that'd
make it possible for a local administrator to run a tightly-administered
system with normal updates to debian-archive-keyring while we figure out
the next steps toward making this even easier.
My longer-term target would be for a new install of buster to have an
empty /etc/apt/trusted.gpg* , but i figure it'll be easier to get there
one step at a time :)
--dkg
signature.asc
Description: PGP signature
