On Wed, 27 Sep 2017 11:45:59 -0400 Daniel Kahn Gillmor <[email protected]> wrote: > On Fri 2017-05-26 11:42:06 -0400, Daniel Kahn Gillmor wrote: > > On Thu 2017-05-25 19:35:42 +0100, Adam D. Barratt wrote: > >> After a little discussion during last night's team meeting, I'm afraid > >> that the consensus appears to be that at this stage of the freeze we > >> shouldn't be making changes that aren't directly related to updating the > >> set of trusted keys. > > > > well, i hope we can work something out for buster. > > Just a ping on this: can we start with having debian-archive-keyring > ship a copy of the keys as individual keys in /usr/share/keyrings/ ? > > even if it leaves the keys in /etc/apt/trusted.gpg.d for now, that'd > make it possible for a local administrator to run a tightly-administered > system with normal updates to debian-archive-keyring while we figure out > the next steps toward making this even easier. > > My longer-term target would be for a new install of buster to have an > empty /etc/apt/trusted.gpg* , but i figure it'll be easier to get there > one step at a time :) > > --dkg
Hi Daniel, This has been in experimental for a while; have you had a change to test that if works as intended? Thanks, ~Niels
