Hello Julian, On 21/01/2025 15:43, Julian Andres Klode wrote:
This has been sitting for almost 2 years again; the style of sources apt-setup generate now triggers complaints from apt as APT recommends every source have a signed-by field (and it then goes on to tell you to migrate to deb822 .sources too if a missing signed-by is in a .list file).
The new version of apt (2.9.24) will now cause a FTBFS for the daily d-i. This has been noticed already in the daily live ISO images based on sid.
I have a question about timing...This wishlist/change request has been sitting for a long time, but now a short-term solution is enforced (at least for sid).
I have been thinking (just to keep the daily sid-based live images building) to temporarily add a '[trusted=yes]', which is (from a security point of view) a nightmare, and exactly the opposite of that what is intended by the specification of a 'signed-by' field.
With kind regards, Roland Clobus[1] https://jenkins.debian.net/view/live/ -> Already 2 sid-based images are failing, the rest will fail tomorrow.
OpenPGP_signature.asc
Description: OpenPGP digital signature
