Project

Profile

Help

Task #8953

We need to support new style APT repo signatures

Added by quba42 4 months ago. Updated 3 months ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Target Release - Debian:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

See the following specification: https://wiki.debian.org/Teams/Apt/Spec/AptSign

See the following excerpt from IRC:

Conan Kudo
quba42: judging by what's going on, I expect this to launch in Debian 11
it definitely will be part of Ubuntu 22.04
I'm also having a conversation with the RPM folks about whether we might want to consider this for the RPM ecosystem in the future too
because not having an independent implementation from OpenBSD's signify was the main problem for me
now that two exist now (one in C++ and another in Python), I think this is something worth pursuing in the RPM ecosystem
Conan Kudo
quba42: my understanding is that Debian 11 and Ubuntu 22.04 will have both, but immediately afterward GPG will be dropped
quba42: apt-key(8) has already been marked for removal after Debian 11 release
(which is where the gpg key management is in apt)
https://www.mankier.com/8/apt-key
I guess this means I'm packaging up the new python-aptsign package for Fedora...
which means packaging python-apt too

Thanks Conan Kudo, for alerting me to this!

History

#1 Updated by quba42 4 months ago

We need to support both upstream signature verification using the new format, as well as signing published repos. The latter may be as simple as providing an updated example signing script.

#2 Updated by quba42 3 months ago

  • Priority changed from High to Normal

Please register to edit this issue

Also available in: Atom PDF