On Wed, Oct 17, 2018 at 11:04:00AM +0200, OndÅ?ej Surý wrote: > > I know that there is > > https://deb.sury.org - but prefer to trust stuff that was > > built on Debian machines and is distributed/signed with a > > key we trust. > Shrug, all the packages that I upload to Debian and to the DPA are signed by > the same key - mine.
yes, but when using your repo one has to add your key to the keys apt
trusts, and this is something completly different than using proper
backports.
(I'm very thankful for you providing your repo, but it's not the same as
if those packages were on backports.)
(A workaround for those not wanting to add your key to apt is of course
to download your sources and rebuild them, and then put in a repo of
local packages, and then tell apt to trust that local key. It's more
work but c'est la vie.)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
