Control: reopen -1 Samuel Thibault, le lun. 27 janv. 2025 11:36:56 +0100, a ecrit: > Julian Andres Klode, le lun. 27 janv. 2025 11:34:16 +0100, a ecrit: > > On Sun, Jan 26, 2025 at 04:44:33PM +0100, Samuel Thibault wrote: > > > Are all just plain official Debian archive sources. It's not even > > > clear which Signed-by I would be supposed to use. Apparently giving > > > signed-by=/usr/share/keyrings/debian-archive-keyring.gpg does avoid > > > the warning, but shouldn't that already be some default? As it is now, > > > upgrading apt will make all users have to add that on *all* their > > > systems to fix the warning, do we really want that? > > > > Yes, as the notices say upgrade them to deb822 and add the field: > > > > Types: deb > > URIs: http://ftp.fr.debian.org/debian/ http://deb.debian.org/debian/ > > Suites: sid experimental > > Components: main contrib non-free > > Signed-By: /usr/share/keyrings/debian-archive-keyring.asc > > Again, do we really want that? > > Really, I fear an *ample* push-back from essentially all our users. > > As it is now, it is also really not documented enough, users will need > the example described above. > > > The default keyring for sources not specifying Signed-By is > > /etc/apt/trusted.gpg.d which is being phased out in favour > > of explicit configuration. > > > > APT cannot know which keyrings to use for sources magically. > > It can automagically try to use the debian-archive keyring, it's meant > for that...
A discussion on #debian-devel produced the same idea: can't Signed-By just default to /usr/share/keyrings/debian-archive-keyring.asc? (+trusted for the moment, and without it when we want to kill it) (or another path on another distro based on Debian) That way *most* entries will just continue working, pure debian systems won't get a worrysome warning about signatures, and only extra repositories will need something (which I agree is a good thing). What would be the drawback, when the benefit would be so huge? I fear that otherwise we will just see plenty of “bah, add trusted=yes” "tooltips" florish on the web, thus the contrary of the expected result. Samuel
