
      ZZLI4422             linux.debian.devel             1194 messages      


  Msg # 273 of 1194 on ZZLI4422, Thursday 9-03-25, 1:16  
  From: AARON RAINBOLT  
  To: ROLAND CLOBUS  
  Subj: Re: deb822 sources.list -> Use the 'Sign  
 From: arraybolt3@gmail.com 
  
 On Tue, 2 Sep 2025 14:01:42 +0200 
 Roland Clobus  wrote: 
  
 > Hello list, 
 > 
 > Just before trixie was released, the warning about the deb822 format 
 > for sources.list was removed, now is the time to implement it 
 > properly for forky. 
 > 
 > Recently an MR was prepared for live-build [1] (the generator of the 
 > live images), which makes me think about the 'Signed-By' field. 
 > 
 > Should this field be filled explicitly with the value 
 > '/usr/share/keyrings/debian-archive-keyring.gpg', or better not? 
 > 
 > As I understand it [2]: 
 > "If no keyring files are specified the default is the trusted.gpg 
 > keyring and all keyrings in the trusted.gpg.d/ directory" 
 > 
 > So the most secure variant would be to fill the field, as only one 
 > keyring will be considered. 
  
 The PR (which I filed) is currently using "Signed-By" in most places (I 
 believe everywhere it's reasonably possible to use it) mainly because I 
 notice apt complains (gently) if it's missing, with the message 
 "Notice: Missing Signed-By in the sources.list(5) entry for 
 'http://deb.debian.org/debian'" or similar. While not critical, I found 
 these messages to be unsightly and they seemed to hint that including 
 Signed-By was a good idea, so I included it just to be sure. 
  
 -- 
 Aaron 
  
 > With kind regards, 
 > Roland Clobus 
 > Maintainer for the live images 
 > 
 > [1] https://salsa.debian.org/live-team/live-build/-/merge_requests/436 
 > [2] https://manpages.debian.org/trixie/apt/sources.list.5.en.html 
  
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 
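
An added example, not part of the message above and not code from live-build or apt: a small audit that reads deb822-style sources text and lists the stanzas that have no Signed-By value, which are the ones that fall back to trusted.gpg and everything in trusted.gpg.d/ as quoted from sources.list(5) in the thread. The function names, the sample stanzas and the example.invalid repository are constructed for illustration, and the parser covers only comments, blank-line stanza breaks, case-insensitive field names and continuation lines.

```python
SAMPLE = """\
# constructed sample, not taken from live-build
Types: deb
URIs: http://deb.debian.org/debian
Suites: forky
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: http://deb.debian.org/debian-security
Suites: forky-security
Components: main

types: deb
uris: https://example.invalid/repo
suites: stable
signed-by:
 /usr/share/keyrings/example-archive-keyring.gpg
"""

def parse_stanzas(text):
    """Split deb822 text into stanzas; each is a dict of lowercased field -> value."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # comment lines do not end a stanza
        if not line.strip():  # blank line closes the current stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t" and last:  # continuation of the previous field
            current[last] = (current[last] + "\n" + line.strip()).strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip().lower()  # field names are case-insensitive
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def missing_signed_by(text):
    """Return (URIs, Suites) for each stanza with no non-empty Signed-By value."""
    return [(s.get("uris", "?"), s.get("suites", "?"))
            for s in parse_stanzas(text)
            if not s.get("signed-by", "").strip()]

if __name__ == "__main__":
    for uris, suites in missing_signed_by(SAMPLE):
        print(f"no Signed-By: {uris} {suites}")
```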
