Jonathan Wiltshire wrote: > Attached patch adds a section in the upgrade guide to ensure gpgv is > installed. Most users will have this if they have followed previous > upgrade guidance not to skip releases. However, without it they will not > be able to upgrade at all because the release signing key is not > validated correctly.
A bit more explanation in the text would be helpful. Mind you, users who have been disregarding standard procedure to the extent of doing leapfrog dist-upgrades seem unlikely to be paying close attention to the procedure recommended in the bullseye-to-bookworm release notes! I gather this is an extra precautionary step *before* the upgrade, but is this "in case you've somehow accidentally ended up with only gpgv1 by accident" or are we expecting there to be users who have insisted on sticking with the familiar v1 UI or something? If there aren't, it's hard to see why gpgv1 still exists, let alone still satisfying apt's gpgv dependency even on bookworm... surely that has to be a bug? If it isn't, it is at least confusing enough to need some explanation. > + <section id="install-gpgv"> > + <title>Check gpgv is installed</title> > + <para> > + APT needs <command>gpgv</command> version 2 or greater to verify the > keys used > + to sign releases of &newreleasename;. Ensure it is installed with: Maybe something like: APT needs <command>gpgv</command> version 2 or greater to verify the keys used to sign releases of &newreleasename;. Since gpgv1 technically satisfies the dependency but is useful only in specialized circumstances, users may wish to ensure the correct version is installed with: > + </para> > + <screen> > +$ apt install gpgv > + </screen> > + </section> Requires root, so make it: # apt install gpgv -- JBR with qualifications in linguistics, experience as a Debian sysadmin, and probably no clue about this particular package