Secure apt using debian-archive-keyring (!663) · Merge requests · Rust compiler tools and packages / debcargo-conf

Daniel Kahn Gillmor requested to merge secure-apt-with-debian-archive-keyring into master May 22, 2024

Rather than trying to use the system's apt-config to identify trusted repositories, just identify the standard debian repositories with the expected keyring.

This depends on debian-archive-keyring being installed, but that will be true for basically every debian developer.

I ran into this trying to use the debcargo-conf archive on a system where there is nothing in /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d/

i prefer this configuration because it means that there is no one OpenPGP certificate capable of signing every connected repository, but i'd like to be able to use this repository on systems with this configuration.

Secure apt using debian-archive-keyring

Merge request reports