Validation of keyring changes [was: Enhancing cross-distro collaboration via foreign archive keyring] availability
Neal Gompa
ngompa at fedoraproject.org
Wed Oct 16 12:48:25 UTC 2024
On Wed, Oct 16, 2024 at 7:56 AM Robie Basak <robie.basak at ubuntu.com> wrote:
>
> I don't have anything further to add to this sub-thread. I think I've
> made valid points about what our requirements should be to ensure that
> changes to key material are done in a way that our users can trust, why
> not doing so would reduce user security compared to what happens in
> Debian, and justified my position. I've also made some suggestions on
> how I think this can be implemented without too much pain.
>
> If you don't want to do those things, then my opinion is that these
> changes are not suitable for SRU in Ubuntu.
Question then: what makes archlinux-keyring or debian-*-keyring
packages different from distribution-gpg-keys? Shouldn't both of them
get kicked out of the Ubuntu archive for the same reason?
--
Neal Gompa (FAS: ngompa)
More information about the ubuntu-devel
mailing list