Findings here:

- Andreas uploaded Amos' key to Debian a while ago
- This was only changed once, to make that key leaner by removing one signature from it.
  https://salsa.debian.org/squid-team/squid/-/commits/master/debian/upstream/signing-key.asc?
- The only announcement I found in squid mailing lists is back from before the key we currently have in Debian (Amos'):
  https://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html
- Then, I found the following discussions [1], [2], which mention Squid's keyring file at http://master.squid-cache.org/pgp.asc. [2] also has a reference to the key which is currently signing the source tarball.

Still, I found no documentation or mailing list threads specifically talking about master.squid-cache.org/pgp.asc.

I wonder if, due to the lack of upstream docs on this, we should contact upstream for pointers on how things are being done nowadays (so we won't need to keep updating the keyring every upload) or if we should just add the whole upstream-provided keyring there already (or at least the keys that are signed by the one we are already using).

[1] [https://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html](https://lists.squid-cache.org/pipermail/squid-users/2016-November/013330.html)
[2] https://lists.squid-cache.org/pipermail/squid-users/2024-February/026432.html

https://bugs.launchpad.net/bugs/2073322

Title: Upstream microrelease 6.10