Hello! Good way to add/remove keyrings without wasting trusted system keyring is to copy/symlink keyrings to /etc/apt/trusted.gpg.d/ directory.
2016-05-21 4:55 GMT+03:00 Hideki Yamane <henr...@debian.or.jp>: > Hi, > > We have those keyring packages. > > $ LANG=C apt-cache search archive-keyring > debian-archive-keyring - GnuPG archive keys of the Debian archive > debian-edu-archive-keyring - GnuPG archive keys of the Debian Edu archive > debian-ports-archive-keyring - GnuPG archive keys of the debian-ports archive > emdebian-archive-keyring - GnuPG archive keys for the emdebian repository > neurodebian-archive-keyring - neuroscience-oriented distribution - GnuPG > archive keys > pkg-mozilla-archive-keyring - GnuPG archive keys for the Debian Mozilla team > package repository > ubuntu-archive-keyring - GnuPG keys of the Ubuntu archive > > Some packages does "apt-key add /usr/share/keyrings/foobarkey" > and some doesn't. Handy way is adding keyring via script, but > I'm afraid that it would be too much, because adding GPG key to > trusted system keyring is ease to break security. > > So, which is the better way? just mention to add it by hand > in README.Debian or add it in maintainer script automatically. > > > > -- > Regards, > > Hideki Yamane henrich @ debian.or.jp/org > http://wiki.debian.org/HidekiYamane > -- SY, Konstantin Demin
