The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/16/bug-reporting.html Description:
Dear PostgreSQL Documentation Team, I hope this message finds you well. As a user and admirer of PostgreSQL, I greatly appreciate the effort and detail that goes into maintaining the project documentation and would like to take this opportunity to thank you for curating such a well crafted, valuable resource. This week I installed PostgreSQL 16 into an Ubuntu 22.04 LXD container, per these instructions https://www.postgresql.org/download/linux/ubuntu/ and observed a deprecation warning for apt-key on the following command: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). I subsequently referred to the documentation which notes: DEPRECATION Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace existing use of apt-key. If your existing use of apt-key add looks like this: wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add - Then you can directly replace this with (though note the recommendation below): wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also known as "GPG key public ring"). The binary OpenPGP format works for all apt versions, while the ASCII armored format works for apt version >= 1.4. Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the Signed-By option in your sources.list and pointing to the filename of the key. See sources.list(5) for details. Since APT 2.4, /etc/apt/keyrings is provided as the recommended location for keys not managed by packages. When using a deb822-style sources.list, and with apt version >= 2.4, the Signed-By option can also be used to include the full ASCII armored keyring directly in the sources.list without an additional file. This deprecation notice was introduced in Ubuntu Groovy Gorilla (20.10) which was released in October 2020. I therefore propose a documentation change for the Ubuntu instructions, altering the line command from: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - to: wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/postgresql.asc as per the apt-key manual recommendation. This approach has been successful in my testing and has yielded no warnings or errors. The documentation proposes that an alternative location could be specified for the key, of which I do not have an opinion of at this time, therefore I would appreciate input on this location. Since Ubuntu tracks the upstream Debian repository, I propose the Debian instructions (https://www.postgresql.org/download/linux/debian/) are also updated with this change. Whilst this is not yet strictly a bug it will become one if/ when the deprecated apt-key functionality is removed. Resolving the warning would also improve the experience for new/ inexperienced users who are potentially installing PostgreSQL for the first time and do not understand the message. I therefore think it prudent to review and update these instructions at the earliest convenience. Thank you very much for considering my request. I look forward to your guidance on how best to proceed with this enhancement. Best regards, Daniel Dewberry