[Git-commits] [grml/grml.org] f020a4: pull archive keyring out of global trust path

anarcat anarcat at users.noreply.github.com
Fri Jun 1 16:03:33 CEST 2018


  Branch: refs/heads/master
  Home:   https://github.com/grml/grml.org
  Commit: f020a452b21774e3064df6ad27c502a167cdb3da
      https://github.com/grml/grml.org/commit/f020a452b21774e3064df6ad27c502a167cdb3da
  Author: anarcat <anarcat at users.noreply.github.com>
  Date:   2018-02-15 (Thu, 15 Feb 2018)

  Changed paths:
    M files/index.html.tt2

  Log Message:
  -----------
  pull archive keyring out of global trust path

The [repository instructions](https://wiki.debian.org/RepositoryInstructions) have been changed to avoid writing third-party keyring files to the global trust anchors (in `/etc/apt/trusted-gpg.d`) and instead write those to a more neutral location (`/usr/share/keyrings`, alongside other keyring files).

The downside of this change is that the key fingerprint isn't validated directly through this process. But considering that validation of the key is anchored through HTTPS validation in the first place, we do not *really* lose anything by moving that to the `.gpg` file transfer: that file's integrity is still checked through HTTPS. Furthermore, not storing the explicit fingerprint here will make future key rotations easier as they will not require documentation updates.

Note that this change will also require a change in the `grml-debian-keyring` package to install the keyring file in the new location. If that package does not install a `.sources` or `.list` file, that move will also break existing configurations, so a NEWS entry might be in order as well.
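An added example, not part of the commit or of the grml.org repository: a small audit that classifies apt source entries by whether they pin a keyring with apt's `signed-by` option or still depend on the global trust directory (`/etc/apt/trusted.gpg.d`), which is the dependency the last paragraph warns the move could break. The host names, keyring file names and function names are constructed for illustration, and `Signed-By` is assumed to hold a file path rather than an embedded key.

```python
import re

GLOBAL_TRUST_DIR = "/etc/apt/trusted.gpg.d/"  # apt trusts every key here for all sources
ONE_LINE = re.compile(r"^(?:deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+\S+")

def parse_list(text):
    """Yield (uri, signed_by) for one-line-style .list entries."""
    for raw in text.splitlines():
        m = ONE_LINE.match(raw.split("#", 1)[0].strip())
        if m:
            opts = dict(o.split("=", 1) for o in (m.group("opts") or "").split() if "=" in o)
            yield m.group("uri"), opts.get("signed-by")

def parse_sources(text):
    """Yield (uri, signed_by) for deb822-style .sources stanzas."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            # skip comments and continuation lines; assumes Signed-By is a path
            if line[:1] in ("#", " ", "\t") or ":" not in line:
                continue
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
        for uri in fields.get("uris", "").split():
            yield uri, fields.get("signed-by")

def audit(entries):
    """Map each source URI to 'scoped' or 'global-trust'."""
    report = {}
    for uri, keyring in entries:
        scoped = bool(keyring) and not keyring.startswith(GLOBAL_TRUST_DIR)
        report[uri] = "scoped" if scoped else "global-trust"
    return report

# Constructed sample input (hypothetical hosts and keyring names)
SAMPLE_LIST = """\
deb [signed-by=/usr/share/keyrings/example-archive-keyring.gpg] https://repo.example.org/debian stable main
deb https://legacy.example.net/debian stable main  # no signed-by
"""
SAMPLE_SOURCES = """\
Types: deb
URIs: https://deb822.example.com/debian
Suites: stable
Components: main
Signed-By: /etc/apt/trusted.gpg.d/example.gpg
"""

if __name__ == "__main__":
    for uri, status in audit([*parse_list(SAMPLE_LIST), *parse_sources(SAMPLE_SOURCES)]).items():
        print(f"{status:13} {uri}")
```

Entries reported as `global-trust` are the ones that stop verifying once their key is no longer present in the global trust directory.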


