On Wed, Oct 16, 2024 at 7:56 AM Robie Basak <robie.ba...@ubuntu.com> wrote: > > I don't have anything further to add to this sub-thread. I think I've > made valid points about what our requirements should be to ensure that > changes to key material are done in a way that our users can trust, why > not doing so would reduce user security compared to what happens in > Debian, and justified my position. I've also made some suggestions on > how I think this can be implemented without too much pain. > > If you don't want to do those things, then my opinion is that these > changes are not suitable for SRU in Ubuntu.
Question then: what makes archlinux-keyring or debian-*-keyring packages different from distribution-gpg-keys? Shouldn't both of them get kicked out of the Ubuntu archive for the same reason? -- Neal Gompa (FAS: ngompa) -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
