On Tue, Feb 02, 2021 at 03:54:34PM +0100, Julian Andres Klode wrote: > Best practice will be to embed the key into a deb822 sources file, but > that's for bookworm+ and doesn't help much yet. > > As of now, there are no best practices. I just drop files into > trusted.gpg.d, others drop them into /usr/[local/]share/keyrings and use > signed-by. > > Hence I don't want to commit to anything too concrete yet, either way.
Thanks Julian - that's a really helpful explanation of the situation. Best wishes, Julian
