[Bug 1667725] Re: [feature request] make full ppa signing public key available over https
Launchpad Bug Tracker
1667725 at bugs.launchpad.net
Fri Aug 3 14:53:11 UTC 2018
** Branch linked: lp:software-properties
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to software-properties in Ubuntu.
https://bugs.launchpad.net/bugs/1667725
Title:
[feature request] make full ppa signing public key available over
https
Status in Launchpad itself:
Fix Released
Status in software-properties package in Ubuntu:
In Progress
Bug description:
Currently, for a ppa, launchpad makes the long key fingerprint
available over https. I'd like to request that it also make the full
public key available over https.
Many people use add-apt-repository extensively for using ppas ('add-
apt-repository -y smoser/archive')
As I understand it, that basically does:
a. request the 'archive urls', 'description' and long key fingerprint over https from launchpad.net
b. does gpg --recv <long-key-fingerprint> from hkp://keyserver.ubuntu.com:80/ (or the --keyserver argument)
c. adds the result of 'b' to apt using 'apt-key'
Since launchpad is the owner of the signing key for the ppa, why not
have it just give us the full public key over the same api that it
provides the other bits of information?
My experience is that gpg servers are less reliable than we'd like,
and even if they were as reliable as launchpad, any use of a ppa now
effectively depends on 2 external systems when 1 could suffice.
To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1667725/+subscriptions
More information about the foundations-bugs
mailing list