On Thu, 6 Feb 2025 14:51:17 +0000 Joe <j...@jretrading.com> wrote: > > > On 2/6/25 8:20 AM, Charles Curley wrote: > > > > > > And for those who are wondering, this is going on in trixie.
[...] > The quick fix in sources.list for debian is to add signed-by into > existing lines after deb or deb-src: > > deb \ > [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] > http://deb.debian.org/debian/ \ <software categories> > > > The long-term fix is a file standard.sources root:root 644 in > /etc/sources.list.d containing: > > Types: deb > URIs: https://deb.debian.org/debian/ > Suites: unstable > Components: main contrib non-free non-free-firmware > Enabled: yes > Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg [...] > Non-debian .list files may not contain any signing information, [...] > > Yes, I did all this in sid about a week ago. I am still a little confused about the plans regarding Trixie release. Is the usage of deb822 data format optional or mandatory? AFAICS we are still at an optional path. Can this be confirmed? Is the explicit keyring data mandatory or optional? And is there a difference regarding this question between old an new data format? As far as I understand (so far) it will be mandatory starting with Trixie release, but maybe I am on the wrong track. The reason for my confusion is the debootstrap workflow from Bookworm to Trixie. The provided sources.list is old data format without keyring provided inside the sources.list file. This will possibly break after the Trixie release, if keyring data is mandatory. -- kind regards Frank
pgpOevNBDATnB.pgp
Description: OpenPGP digital signature
