Public bug reported: Here is an example of what I mean. For "regular" users this is really paper cut, since everyone does not know about keys or don't want to know. http://www.liberiangeek.net/2012/06/update-spotify-repository-key-in-ubuntu/
Proposal: Create a "follow up" system where the key has been "updated", as long as the user gets an option to use the new key it should be fine security wise. Another "similar" bug, although that bug seems to know the new key. https://bugs.launchpad.net/ubuntu/+source/apt/+bug/380912 ** Affects: apt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023321 Title: apt should handle removed keys better To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1023321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs