I think we reached somewhat of an agreement that net-update is a bad idea and should not be done. It also depends on gnupg.
We should eventually consider developing something else, but I'm not sure how that would look like. Currently, there is no way to revoke keys except through packages, basically, which is a security issue. We need to provide signed keyfiles on different locations that apt can download so an attacker cannot use a broken key and MITM exisiting repositories forever. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624378 Title: apt-key net-update should use trusted.gpg.d/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1624378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
