Whilst poking all of this a while back, my thought was to use an inline signed keyring snippet, which is downloaded probably with the apt-helper, validated (well, gpgv decrypt) and stored as /etc/apt/trusted.gpg.d/netupdate.gpg, since we no longer need to touch the /etc/apt/trusted.gpg keyring. This doesn't even need to live in apt-key netupdate, and could be just a timer unit. But I guess having this simple logic in the apt-key script may make sense.
Note that netupdate has been disabled for a long while now, thus any reintroduction will need security team review before we enable.

https://bugs.launchpad.net/bugs/1013681
Title: make apt-key net-update secure
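The verify-then-store step described in the comment above, as an added example that is not part of the original message and is not apt's code. The function name, its three arguments and the temporary-directory handling are assumptions; the download (for instance with apt-helper) is expected to have happened already.

```shell
# Added example (hypothetical helper, not apt's implementation).
# $1: downloaded inline-signed keyring snippet
# $2: keyring holding the only keys allowed to sign that snippet
# $3: destination, e.g. /etc/apt/trusted.gpg.d/netupdate.gpg
install_netupdate_keyring() {
    signed="$1"
    master="$2"
    dest="$3"

    # Fail closed when either input is missing or unreadable.
    [ -r "$signed" ] && [ -r "$master" ] || return 1

    # Work in a private directory beside the destination so the final
    # rename stays on one filesystem and replaces the old file atomically.
    workdir=$(mktemp -d "$(dirname "$dest")/.netupdate.XXXXXX") || return 1

    # gpgv trusts exactly the keys in $master. It exits non-zero unless the
    # signature verifies, and --output writes the signed payload it checked.
    if ! gpgv --keyring "$master" --output "$workdir/keyring" "$signed" 2>/dev/null; then
        rm -rf "$workdir"
        return 1
    fi

    # A verified but empty payload is not a usable keyring.
    if [ ! -s "$workdir/keyring" ]; then
        rm -rf "$workdir"
        return 1
    fi

    # apt reads fragments from trusted.gpg.d, so they must be world-readable.
    chmod 0644 "$workdir/keyring" \
        && mv -f "$workdir/keyring" "$dest" \
        && rmdir "$workdir"
}
```

The destination is only ever written from gpgv's verified output, so a failed download or a snippet signed by another key leaves the existing file untouched.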