@Daniel Leidert: Thanks for this suggestion, I added issue #1444 (https://bugs.g10code.com/gnupg/msg4421) upstream asking for a mode for --recv-key that verifies that the downloaded key matches the expected key.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1016643 Title: add-apt-repository downloads gpg key in an insecure fashion To manage notifications about this bug go to: https://bugs.launchpad.net/gnupg/+bug/1016643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
