I'm glad to see you rejecting the short keyid.

If you're doing this work to make the apt-key fetching possibilities
cryptographically sound, please rely only on full OpenPGP v4
fingerprints, not on the long keyid.  And ensure that the received key
is an OpenPGP v4 key, since v3 fingerprints are themselves spoofable.

Thanks!

-- 
https://bugs.launchpad.net/bugs/1016643

Title:
  add-apt-repository downloads gpg key in an insecure fashion
