Ubuntu will not ship a keyring with Ubuntu uploaders' keys.

The permission model in Ubuntu is very different from Debian and is not
based on GPG web of trust. In Debian, any DD can upload any package,
thus debian-keyring makes sense to keep track of all the uploader keys.
In Ubuntu, Launchpad is the only thing that enforces which keys are
allowed to upload and they are scoped a lot - only a minority of keys
are allowed to upload anything, and the vast majority of uploaders can only
upload individual packages or subsets of them.

I have no idea why Debian chose a different name when importing our
package =/

If that is of any help, I'm happy to add Provides stanzas to help with
discovery. But I very much see no benefit in renaming this key package
in Ubuntu, given that we have not changed it since Ubuntu's inception.

Note that the ubuntu-keyring package ships not only the keyring that is
used to validate APT archives, but other signed metadata as well, for
example - /pool/ on the ISOs; cdimage checksum files of Ubuntu ISOs;
cloud images simplestreams metadata; cloud images checksum files; master
key for archive key rotation.

Thus naming the package (either source, or one of the binaries) as
ubuntu-archive-keyring makes no sense, as it validates more than just
the APT archive.

** Changed in: ubuntu-keyring (Ubuntu)
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1782641

Title:
  Request: Rename "ubuntu-keyring" package to "ubuntu-archive-keyring"
  for consistency with Debian

Status in ubuntu-keyring package in Ubuntu:
  Opinion

Bug description:
  The package that Ubuntu calls "ubuntu-keyring" is present in Debian as
  "ubuntu-archive-keyring".

  Debian has separate "debian-keyring" and "debian-archive-keyring"
  packages, described as follows:

      d-k: GnuPG keys of Debian Developers and Maintainers
      d-a-k: GnuPG archive keys of the Debian archive

  IMO this is a reasonable distinction, as the keys of
  developers/maintainers are rarely needed by end users, and the d-k
  package is significantly larger (on the order of 30 MB).

  Thus, the current "ubuntu-keyring" package would be better named
  "ubuntu-archive-keyring", not only so that the equivalent package has
  the same name in both distros, but also to maintain the same
  distinction between developer keys and archive keys. (Ubuntu could
  potentially decide to ship a package containing Ubuntu developer keys
  in the future, and it would be awkward if this needed to be named e.g.
  "ubuntu-devel-keyring" or the like.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1782641/+subscriptions
