Hallo,
* Sam Hartman [Sun, Jul 14 2019, 08:46:18AM]:
> >>>>> "Julian" == Julian Andres Klode <j...@debian.org> writes:
>
> Please carefully consider uses of apt besides the system level apt
> running as root installing packages on the system.
>
> What about when I use the apt libraries to explore some repository and
> parse its packages files etc.
> Asking people to go set up the keys for some of these use cases seems
> like a lot of work.
IMHO this could and should be mitigated. I.e. give people a tool they
can work with without studying rocket science, following the spirit of
letsencrypt etc., which handles the snakeoil key handling in a lazy way.
<brainstorming>Something like:
apt-ftparchive ... --auto-sig
(create a new PGP key OR load and use the PGP key with identity of the current
InRelease file; auto-generated key is stored in user's private keyring
and can be extracted with ...)
</>
Best regards,
Eduard.
--
Angela Merkel zitiere ich ja am liebsten wörtlich. Ich hab noch keine
bessere Möglichkeit gefunden, diese Frau zu beleidigen.
-- Volker Pispers
