[buildd-tools-devel] Bug#801798: Bug#801798: Bug#801798: please support building package without generating a gpg key for sbuild
Roger Leigh
rleigh at codelibre.net
Mon Dec 7 22:01:41 UTC 2015
On 07/12/2015 20:13, Johannes Schauer wrote:
> Quoting Benjamin Drung (2015-12-07 12:37:01)
>> Adding cases complicates the code. So why not just change the behavior to
>> always use "[ trusted=yes ]"?
>
> with apt's support for [trusted=yes] lines in sources.list I cannot think of a
> reason why one would want to sign the internal repository.
>
> Is anybody able to come up with a reason?
>
> Otherwise it might indeed make sense to just never sign that repository. It's a
> local file:// repository so there should not be any security problems.
>
> Maybe the signing of the internal repository came from a time where apt didn't
> have the trusted=yes option?
That's almost certainly the reason why. I can't recall for certain, but
it sounds very likely--we wouldn't have gone to all that effort in
making it signed for no reason, and this being the only way to make it
work at that point in time sounds quite likely.
Regards,
Roger
More information about the Buildd-tools-devel
mailing list