Re: Bug#1033675: release-notes: apt-key improves system security with 3rd party sources
Am Montag, 1. Mai 2023, 14:40:18 CEST schrieben Sie:
> On Wed, 29 Mar 2023 22:58:35 +0200 Rainer Dorsch <ml@bokomoko.de> wrote:
> > according to
> > https://linuxnews.de/2021/04/10/debian-11-repositories-aus-3-hand-ohne-apt
> > -key-einbinden/ Debian 12 supports and requires a safer way to import keys
> > for 3rd party repos. If that is the case, I suggest to add this to the
> > release notes, since it is a nice security enhancement feature.
> hi this sounds interesting - i can help develop some text, but you
> will need me more info on what the new feature is: the webpage
> you link to is in german, but the title says debian 11, and the first
> links is to a wiki page giving instructions for 'stretch or later'.
> The bit about writing
> 'signed-by' in sources.list has been available since, i think, buster....
>
> so is there actually a new feature for debian 12?
I am not the expert, therefore I copy the apt team to confirm if that is a new
feature.
The webpage says that the new part in Debian 12 is that you cannot use the
legacy way to add 3rd party sources anymore (using apt-key).
Instead
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor |
sudo tee /usr/share/keyrings/signal-archive-keyring.gpg
has to be used and /etc/apt/sources.list(.d) has to be adapted accordingly:
deb [signed-by=/usr/share/keyrings/signal-archive-keyring.gpg] https://
updates.signal.org/debian/ stable main
I understood: Debian 12 enforces the secure way of adding 3rd party sources.
I assume, if somebody used the old way to include 3rd party sources, he has to
do something to keep the functionality.
Rainer
--
Rainer Dorsch
http://bokomoko.de/
Reply to: