Public bug reported: PPAs are third party repositories. for security reasons, PGP keys for these must not be placed in /etc/apt/trusted.gpg.d, according to this document:
https://wiki.debian.org/DebianRepository/UseThirdParty they should instead be saved to /usr/share/keyrings and the generated .list file for the repo added should refer to its particular key by using a [signed-by=/usr/share/keyrings/...] argument. this ensures that the downloaded PGP key will only be used to verify a particular repository and is not globally available to verify package lists of all configured repositories (as are all keys found in /etc/apt/trusted.gpg.d). please fix add-apt-repository accordingly. Ubuntu 20.04.2 LTS software-properties-common 0.98.9.5 ** Affects: software-properties (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1933537 Title: add-apt-repository should store PGP keys in /usr/share/keyrings because /etc/apt/trusted.gpg.d is deprecated for third party repos Status in software-properties package in Ubuntu: New Bug description: PPAs are third party repositories. for security reasons, PGP keys for these must not be placed in /etc/apt/trusted.gpg.d, according to this document: https://wiki.debian.org/DebianRepository/UseThirdParty they should instead be saved to /usr/share/keyrings and the generated .list file for the repo added should refer to its particular key by using a [signed-by=/usr/share/keyrings/...] argument. this ensures that the downloaded PGP key will only be used to verify a particular repository and is not globally available to verify package lists of all configured repositories (as are all keys found in /etc/apt/trusted.gpg.d). please fix add-apt-repository accordingly. Ubuntu 20.04.2 LTS software-properties-common 0.98.9.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1933537/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
