On Monday, 30.11.2009, at 15:51 +0100, Tollef Fog Heen wrote:
> Package: apt
> Severity: serious
> Version: 0.7.24
> Justification: overwrites local configuration changes
>
> I have removed some keys from my apt keyring, but it seems like apt
> always re-adds them when configuring:
>
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
> pub 1024D/6070D3A1 2006-11-20 [expired: 2009-07-01]
> uid Debian Archive Automatic Signing Key (4.0/etch)
> <ftpmas...@debian.org>
>
> pub 1024D/ADB11277 2006-09-17
> uid Etch Stable Release Key <debian-rele...@lists.debian.org>
>
> [...]
>
> shashlik# apt-key remove ADB11277
> OK
> shashlik# apt-key update
> gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch)
> <ftpmas...@debian.org>" not changed
> gpg: key ADB11277: public key "Etch Stable Release Key
> <debian-rele...@lists.debian.org>" imported
> gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)"
> not changed
> gpg: key F42584E6: "Lenny Stable Release Key
> <debian-rele...@lists.debian.org>" not changed
> gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny)
> <ftpmas...@debian.org>" not changed
> gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key
> (5.0/lenny)" not changed
> gpg: Total number processed: 6
> gpg: imported: 1
> gpg: unchanged: 5
> gpg: no ultimately trusted keys found
> shashlik# apt-key list
> /etc/apt/trusted.gpg
> --------------------
>
> [...]
>
> pub 1024D/ADB11277 2006-09-17
> uid Etch Stable Release Key <debian-rele...@lists.debian.org>
>
> shashlik#
>
> from apt.postinst:
>
>     case "$1" in
>         configure)
>
>             if ! test -f /etc/apt/trusted.gpg; then
>                 cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
>             fi
>
>             apt-key update
>
>         ;;
>
> so it is actually a double policy violation: removing
> /etc/apt/trusted.gpg is a perfectly legal configuration change that apt
> must not override. Ditto, removing a key is a perfectly legal
> configuration change that apt must not override in its postinst.

We should move it to /var/lib/apt; cupt does this and it seems to be a
much more logical location for such data.
-- 
Julian Andres Klode - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
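
Added example, not part of the original message and not apt's maintainer script: one way a postinst could avoid the behaviour reported above, by seeding the keyring only on a first install and leaving it alone on upgrade. The function name seed_keyring and its path parameters are assumptions made for illustration; it relies on dpkg passing the most recently configured version as the second postinst argument.

```shell
#!/bin/sh
# Added illustration, not apt's maintainer script.
# seed_keyring ACTION PREVIOUS_VERSION SHIPPED KEYRING
# SHIPPED and KEYRING are parameters (an assumption made so the logic can be
# run in a scratch directory); in the report they are
# /usr/share/apt/debian-archive.gpg and /etc/apt/trusted.gpg.
seed_keyring() {
    action=$1 previous=$2 shipped=$3 keyring=$4

    [ "$action" = configure ] || return 0

    # dpkg passes the most recently configured version as the second
    # argument; a non-empty value means upgrade or reconfigure. From then on
    # the keyring, or its absence, is the administrator's choice: no copy,
    # no "apt-key update".
    if [ -n "$previous" ]; then
        echo preserved
        return 0
    fi

    # First install: seed once, never over an existing file.
    if [ -e "$keyring" ]; then
        echo preserved
        return 0
    fi
    cp "$shipped" "$keyring" && echo seeded
}

# Demo in a scratch directory with a constructed stand-in keyring file.
demo=$(mktemp -d)
printf 'constructed keyring bytes\n' > "$demo/debian-archive.gpg"
seed_keyring configure "" "$demo/debian-archive.gpg" "$demo/trusted.gpg"       # seeded
rm "$demo/trusted.gpg"    # administrator removes the keyring
seed_keyring configure 0.7.24 "$demo/debian-archive.gpg" "$demo/trusted.gpg"   # preserved
[ -e "$demo/trusted.gpg" ] || echo "keyring still absent after upgrade"
rm -rf "$demo"
```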