Whilst poking all of this a while back, my thought was to use inline
signed keyring snippet which is downloaded probably with the apt-helper,
validated (well gpgv decrypt) and stored as
/etc/apt/trusted.gpg.d/netupdate.gpg. Since we no longer need to touch
/etc/apt/trusted.gpg keyring. This doesn't
No, it did not. We could rebase and merge it. We can also replace wget
with /usr/lib/apt/apt-helper download-file to fix bug 325700 and bug
226780 while we're at it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
Did this change ever make it in?
** Changed in: apt (Ubuntu)
Assignee: (unassigned) => Michael Vogt (mvo)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update s
** No longer affects: apt (Ubuntu Quantal)
** Changed in: apt (Ubuntu)
Milestone: quantal-updates => None
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update se
** Changed in: apt (Ubuntu Quantal)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
To manage notifications about thi
Thanks Colin, that is great news.
I updated the branch (and also merged the debian-sid changes) into
https://github.com/mvo5/apt/tree/ubuntu/lp1013681 - I need to test it a
bit more and then I will upload.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg.sig
exists now, so the client side should be unblocked.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key
** Changed in: apt (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
To manage notifications about this bug go to:
h
** Bug watch added: Debian Bug tracker #642480
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
** Also affects: apt (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
Importance: Unknown
Status: Unknown
--
You received this bug notification because you a
We're not going to get to this before quantal release.
** Changed in: apt (Ubuntu Quantal)
Milestone: None => quantal-updates
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make a
>From #ubuntu-meeting on 2012-09-12:
08:43 < mvo> cjwatson: it will require a server side change
08:43 < mvo> cjwatson: if you guys are happy with the new proposed schema we
can
upload (once the server side is updated)
08:43 < mvo> but I (much) agree we should not rush this :) it ca
I'm fine with the signed-keyring-file approach too, although I haven't
confirmed that there are no attacks possible on the code used to verify
*that* signature.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
** Tags removed: rls-q-incoming
** Also affects: apt (Ubuntu Quantal)
Importance: High
Status: Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update
Some more info:
http://lists.gnupg.org/pipermail/gnupg-devel/2012-June/026724.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
To manage notification
More gpg issues with keyring files:
http://lists.gnupg.org/pipermail/gnupg-devel/2012-June/026743.html
http://lists.gnupg.org/pipermail/gnupg-devel/2012-June/026745.html
http://seclists.org/fulldisclosure/2012/Jun/349
--
You received this bug notification because you are a member of Ubuntu
Bugs,
As I recall, we didn't go this route the first time around because we
wanted to avoid changing the server-side interface. But if trying to
check this securely is a case of being nibbled to death by cats, I think
it makes sense to revisit this. So I have no objection to using a gpg-
verified keyri
Subscribing Steve and Colin to get their feedback as well.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
To manage notifications about this bug go to:
I would welcome feedback on the alternative approach. The idea is
basicly to simply download a signed keyring file, gpg verify that
against the master key and if its good, import it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
ht
** Branch linked: lp:~mvo/apt/lp1013681
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-update secure
To manage notifications about this bug go to:
https://bugs.launch
Here is a alternative approach for the net-update:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/857472/comments/2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013681
Title:
make apt-key net-
20 matches
Mail list logo
