Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-archive-keyr...@packages.debian.org, j...@debian.org Control: affects -1 + src:debian-archive-keyring
Please unblock package debian-archive-keyring [ Reason ] Users who upgrade from bullseye to bookworm (debian-archive-keyring_2021.1.1 -> 2023.2) will have leftover keyrings in /etc/apt/trusted.gpg.d as well as the new ASCII fragements. In contrast, users who have followed bookworm for some time do not because an intermediate version did the right things. The jump in version for normal upgraders reveals the issue. This is bug #1033153. [ Impact ] Misleading listings of keys from apt, and the danger that user changes don't take effect because of the duplication. [ Tests ] Thorough manual testing with a range of upgrade paths. [ Risks ] Trivial change to clean up obsolete files - the risk is low. Source debdiff attached. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock debian-archive-keyring/2023.3
diff -Nru debian-archive-keyring-2023.2/debian/changelog debian-archive-keyring-2023.3/debian/changelog --- debian-archive-keyring-2023.2/debian/changelog 2023-03-17 17:03:56.000000000 +0000 +++ debian-archive-keyring-2023.3/debian/changelog 2023-03-28 21:31:07.000000000 +0100 @@ -1,3 +1,9 @@ +debian-archive-keyring (2023.3) unstable; urgency=medium + + * Reinstate cleanup of the APT keyrings for buster (Closes: #1033153) + + -- Jonathan Wiltshire <j...@debian.org> Tue, 28 Mar 2023 21:31:07 +0100 + debian-archive-keyring (2023.2) unstable; urgency=medium * Reinstate buster keys for apt as fragments (Closes: #1033077) diff -Nru debian-archive-keyring-2023.2/debian/debian-archive-keyring.maintscript debian-archive-keyring-2023.3/debian/debian-archive-keyring.maintscript --- debian-archive-keyring-2023.2/debian/debian-archive-keyring.maintscript 2023-03-17 17:03:56.000000000 +0000 +++ debian-archive-keyring-2023.3/debian/debian-archive-keyring.maintscript 2023-03-28 21:23:44.000000000 +0100 @@ -9,6 +9,9 @@ rm_conffile /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg 2022.1~~ rm_conffile /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg 2022.1~~ # These ones are replaced by asc fragments +rm_conffile /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg 2023.3~~ +rm_conffile /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg 2023.3~~ +rm_conffile /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg 2023.3~~ rm_conffile /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg 2022.1~~ rm_conffile /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg 2022.1~~ rm_conffile /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg 2022.1~~