On Thu, Sep 12, 2024 at 3:32 PM Shengjing Zhu <shengjing....@canonical.com> wrote: > > On Wed, Sep 11, 2024 at 1:12 AM Robie Basak <robie.ba...@ubuntu.com> wrote: > > But if all we're doing is taking the keys from other places and updating > > them in Ubuntu, validated by some process that ultimately relies on some > > set of people to assert that the keys are correct, then what are we > > achieving anyway? Can this not just be automated then, and tooling be > > provided in the archive instead, so users can just do that directly when > > they need? Then there would be much reduced burden on maintainence, > > including for the relevant privileged review teams. > > I don't see the problem of putting a slight burden on the review > teams, if there is a tool/process to update, review and validate the > content of the keyring. > If the distro maintainers can save users' burden then why not? In the > current implementation, users can just update the keyring by running > `apt update`. It's simple and easy for users. >
I agree with this point. I think Luca has explained why the current architecture is appropriate here, and it sounds like the updates to these packages would be infrequent. So, in my opinion, a pretty straightforward addition to "Documentation for Special Cases" is all we need here. -Nick -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
