[Bug 1624408] [NEW] ubuntu-keyring migrate to fragment files
Dimitri John Ledkov
launchpad at surgut.co.uk
Fri Sep 16 14:13:10 UTC 2016
*** This bug is a security vulnerability ***
Public security bug reported:
Instead of shipping a single keyring with 4 keys, ship each key
individually in trusted.gpg.d and do not call apt-key update at all.
Remove keys from /etc/apt/trusted.gpg
This is similar to changes done in debian-archive-keyring 2012.1 upload.
** Affects: ubuntu-keyring (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "ubuntu-keyring_2016.09.16.debdiff.asc"
https://bugs.launchpad.net/bugs/1624408/+attachment/4742035/+files/ubuntu-keyring_2016.09.16.debdiff.asc
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1624408
Title:
ubuntu-keyring migrate to fragment files
Status in ubuntu-keyring package in Ubuntu:
New
Bug description:
Instead of shipping a single keyring with 4 keys, ship each key
individually in trusted.gpg.d and do not call apt-key update at all.
Remove keys from /etc/apt/trusted.gpg
This is similar to changes done in debian-archive-keyring 2012.1
upload.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1624408/+subscriptions
More information about the foundations-bugs
mailing list