debsuryorg-archive-keyring
Malcolm Scott
Malcolm.Scott at cl.cam.ac.uk
Thu Feb 13 15:57:02 UTC 2025
Hi all,
With apologies if this is a FAQ: why do the ISC BIND packages for Ubuntu,
linked from https://kb.isc.org/docs/isc-packages-for-bind-9 and published at
https://launchpad.net/~isc/+archive/ubuntu/bind, depend on
debsuryorg-archive-keyring? That package makes Apt trust a key for an
entirely different Apt repository, not used (as far as I can tell) by the
Launchpad PPA at all. (Also it installs the key into
/etc/apt/trusted.gpg.d, which is considered insecure and deprecated [1].)
$ apt-key list
(...)
/etc/apt/trusted.gpg.d/debsuryorg-archive.gpg
---------------------------------------------
pub rsa3072 2019-03-18 [SC] [expires: 2026-02-04]
1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743
uid [ unknown] DEB.SURY.ORG Automatic Signing Key <deb at sury.org>
sub rsa3072 2019-03-18 [E] [expires: 2026-02-04]
(...)
(Or should I treat deb.sury.org, rather than the Launchpad PPA, as the
official repository for these packages?)
Malcolm
[1] https://salsa.debian.org/apt-team/apt/-/raw/2.9.24/debian/NEWS
More information about the bind-users
mailing list