Re: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Alex Muntada
Hi Andreas > BTW, I did some > >apt-key del 578A0494D1C646D1 > > added my key to /etc/apt/trusted.gpg.d/fam-tille.gpg and added an > according > >[signed-by=/etc/apt/trusted.gpg.d/fam-tille.gpg] > > option to the sources.list line ... and it does not yet work. So I > think it is criti

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-02 01:24:09 + (+), Paul Wise wrote: > On Thu, Jul 1, 2021 at 1:27 PM Jeremy Stanley wrote: > > > There's nothing especially wrong about using signed-by, but > > it's not the security fix some people seem to believe. In short, > > *any* package you install can run arbitrary comma

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Paul Wise
On Thu, Jul 1, 2021 at 1:27 PM Jeremy Stanley wrote: > There's nothing especially wrong about using signed-by, but > it's not the security fix some people seem to believe. In short, > *any* package you install can run arbitrary commands as the root > user on your system during installation. Only e

Work-needing packages report for Jul 2, 2021

2021-07-01 Thread wnpp
The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week. Total number of orphaned packages: 1218 (new: 0) Total number of packages offered up for adoption: 202 (new: 0) Total number of packages reques

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 20:19:55 + (+), Jeremy Stanley wrote: [...] > > Let's not throw the baby out with the bathwater, shall we? > [...snip bits about the abject horrors of apt-key...] > > This was in response to the linked wiki article you helped edit, > purporting to represent a "best practice" (

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 21:46:19 +0200 (+0200), David Kalnischkies wrote: > (Disclaimer: It was me who implemented Signed-By, also most of the > current monster apt-key is, trusted.gpg.d, … I might be a *tiny bit* > biased when it comes to apt and these topics as a result.) Thanks for that! I do think it'

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread David Kalnischkies
(Disclaimer: It was me who implemented Signed-By, also most of the current monster apt-key is, trusted.gpg.d, … I might be a *tiny bit* biased when it comes to apt and these topics as a result.) On Thu, Jul 01, 2021 at 02:40:31PM +, Jeremy Stanley wrote: > maybe add some further explanation

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Kyle Edwards
On 7/1/21 2:45 PM, Jeremy Stanley wrote: Check out the sources.list manpage: "The files list one source per line (one-line style) or contain multiline stanzas defining one or more sources per stanza (deb822 style), ..." And then there's an entire DEB822-STYLE FORMAT section which

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 14:26:48 -0400 (-0400), Kyle Edwards wrote: > On 7/1/21 2:19 PM, Jeremy Stanley wrote: > > Also, as others have stated, deb822 might be a cleaner way to > > express this. > > I'm a little confused - I thought deb822 was just a generic format > used in various places throughout Debia

Debian Med videoconference tomorrow, Friday 2021-07-02 18:00 UTC

2021-07-01 Thread Andreas Tille
Hi, this is the call for the next video conference of the Debian Med team that are an established means to organise the tasks inside our team. We do these conferences twice per month on every 2nd and 17th of a month. Usually it takes us only 15-20min depending what we are talking about and

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Kyle Edwards
On 7/1/21 2:19 PM, Jeremy Stanley wrote: Also, as others have stated, deb822 might be a cleaner way to express this. I'm a little confused - I thought deb822 was just a generic format used in various places throughout Debian, including in the Release files. Where specifically would the signe

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 14:02:34 -0400 (-0400), Kyle Edwards wrote: [...] > In response, we updated our keyring package to remove the > /etc/apt/trusted.gpg.d files that had been added, and > automatically replace them with [signed-by=] attributes in the > sources.list (with permission from the user.) It sou

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Kyle Edwards
On 7/1/21 10:40 AM, Jeremy Stanley wrote: Yes, that's a community-maintained wiki article with a few editors (at least most of whom are also DDs in this case), started in 2017-03-22 to describe a specific model which discourages it, but nowhere does that claim use of /etc/apt/trusted.gpg.d is off

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 09:35:16 -0400 (-0400), Kyle Edwards wrote: > On 7/1/21 9:27 AM, Jeremy Stanley wrote: > > It's not clear (to me at least) that placing keys into > > /etc/apt/trusted.gpg.d is deprecated > > According to > https://wiki.debian.org/DebianRepository/UseThirdParty it is: > > > The key M

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Kyle Edwards
On 7/1/21 9:27 AM, Jeremy Stanley wrote: It's not clear (to me at least) that placing keys into /etc/apt/trusted.gpg.d is deprecated According to https://wiki.debian.org/DebianRepository/UseThirdParty it is: > The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. T

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Jeremy Stanley
On 2021-07-01 09:01:57 -0400 (-0400), Kyle Edwards wrote: [...] > If [signed-by=] isn't the way to go, then what is? I recently > updated the keyring package in our company's APT repository to > automatically migrate people to [signed-by=] since apt-key (and > with it /etc/apt/trusted.gpg.d) is dep

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Kyle Edwards
On 7/1/21 8:27 AM, Julian Andres Klode wrote: I don't want to advertise signed-by=. We should aim to get deb822 format supported in python-apt next cycle, and then advertise a consistent use of deb822 .sources files. Including, but not limited to, having d-i create sources.list.d/.sources instea

Re: Reconsider sending ITP bugs to debian-devel: a new list?

2021-07-01 Thread Andreas Tille
Hi Bart, On Thu, Jul 01, 2021 at 02:04:14PM +0200, Bart Martens wrote: > > I agree that the ITP->RFP script was helpful to change the status of the > > bug and it would be good to check if this keeps on working. > > My script doesn't do that anymore. That is intentional. For many ITPs without > p

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Andreas Tille
On Thu, Jul 01, 2021 at 02:27:31PM +0200, Julian Andres Klode wrote: > > > I disagree, and think this bug is a minor documentation issue, > > > your issue here is likely outside the computer. > > > > I stick to the opinion that apt-secure pointing to apt-key which > > is deprecated is simply the w

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Julian Andres Klode
On Thu, Jul 01, 2021 at 02:18:17PM +0200, Andreas Tille wrote: > Hi Julian, > > On Thu, Jul 01, 2021 at 02:02:43PM +0200, Julian Andres Klode wrote: > > Control: severity -1 minor > > > > On Thu, Jul 01, 2021 at 01:51:22PM +0200, Andreas Tille wrote: > > > I have some packages for my own use (I m

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Andreas Tille
Hi Julian, On Thu, Jul 01, 2021 at 02:02:43PM +0200, Julian Andres Klode wrote: > Control: severity -1 minor > > On Thu, Jul 01, 2021 at 01:51:22PM +0200, Andreas Tille wrote: > > I have some packages for my own use (I mean there is no reason to expect > > that someone wants to pull things from t

Re: Bug#990521: I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Julian Andres Klode
Control: severity -1 minor On Thu, Jul 01, 2021 at 01:51:22PM +0200, Andreas Tille wrote: > Hi, > > I'm running a (quite) up to date testing and recently I stumbled upon > > $ sudo apt update > ... > Err:8 http://fam-tille.de/debian local InRelease > The following signatures couldn't be

I wonder whether bug #990521 "apt-secure points to apt-key which is deprecated" should get a higher severity

2021-07-01 Thread Andreas Tille
Hi, I'm running a (quite) up to date testing and recently I stumbled upon $ sudo apt update ... Err:8 http://fam-tille.de/debian local InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 578A0494D1C646D1 ... W: GPG error: http://

Re: Reconsider sending ITP bugs to debian-devel: a new list?

2021-07-01 Thread Andreas Tille
Hi, sorry for the late reply. On Fri, Jun 11, 2021 at 09:36:58PM +0500, Andrey Rahmatullin wrote: > On Fri, Jun 11, 2021 at 11:05:02AM -0500, Gunnar Wolf wrote: > > But WNPP is problematic on its own: Right now, we have 1586 normal > > priority open bugs, 4613 wishlist open bugs (what would the d