Package: debian-archive-keyring Severity: minor Hi,
debian-archive-keyring should remove old keys on upgrades, see forwarded mail. The call to apt-key update should only be run if apt-key and gpg both can be found since dependencies are not guaranteed to be available in postrm. The check for gpg to be available is necessary because apt could possibly recommend gnupg in future and thus apt-key could be available but not gpg. So it could be something like this: | if [ -x /usr/bin/apt-key ] && [ -x /usr/bin/gpg ]; then | /usr/bin/apt-key update | fi Regards Carsten ----- Forwarded message from Philipp Kern <pk...@debian.org> ----- Date: Sun, 22 Aug 2010 16:10:03 +0200 From: Philipp Kern <pk...@debian.org> To: Carsten Hey <cars...@debian.org>, 387...@bugs.debian.org Subject: Re: Bug#387688: Add gnupg as apt dependency in Squeeze to be able to solve #387688 in Squeeze+1? Organization: The Debian Project (http://www.debian.org) On Sun, Aug 22, 2010 at 03:11:19PM +0200, Carsten Hey wrote: ... > This is unrelated, but filing a bug for something that is probably by > intention (to make apt's ability to be able to verify signatures less > fragile) did not sound useful. debian-archive-keyring does not remove > the key in its prerm, unlike debian-backports-keyring: > > | case "$1" in > | remove|purge) > | if [ -x /usr/bin/apt-key ]; then > | /usr/bin/apt-key del 12345678 > | fi > | ;; > | esac Hm, interesting. It seems that d-a-k misses a call to `apt-key update' as a postrm script. Would you mind filing a bug about that? Apart from that key removals on upgrade are handled by calling `apt-key update' in the postinst, so we just pass in the removed keys keyring which is handled internally (and specially) by apt-key itself. Kind regards, Philipp Kern ----- End forwarded message ----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org