Public bug reported: Currently, if an Ubuntu developer (or their code) is attempting to interact with the precise archive (which is still supported in some form via ESM) from a machine running bionic or later, they will run in to issues verifying signatures, because the keys used to sign the precise archive are no longer included in the default keyring as of bionic.
(Some form of this problem will present every time an archive key rotation happens; eventually the old key will no longer be trusted, and similar failures to the ones today will occur.) Whilst the old keys should never be used by the system's apt (or other installed software), it would be good if there were some way to install those keys from the archives for projects which knowingly want to use the older signatures. (The old keys should be in a path that isn't currently used by anything, so that they have to be explicitly used.) (This bug came out of a discussion on https://code.launchpad.net/~smoser/vmbuilder/mfdiff-apt-key- transition/+merge/313797.) ** Affects: ubuntu-keyring (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1809027 Title: Make retired Ubuntu keyrings available from the archive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1809027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
