Re: pgdg-keyring

On Sun, Nov 18, 2012 at 1:55 PM, Christoph Berg <cb@df7cb.de> wrote:
> Did I mention the new pgdg-keyring package here yet?

Nope.


> Feedback is welcome - I'm still pondering which of "pinning" and
> "sources list entry" should be part of the package, and what to use as
> defaults there for the debconf questions. The current plan would be to
> add a pinning question, but default to "no" (principle of least
> surprise for the casual user).

I still argue that the default should be "yes", with the exact same
argument about principle of least surprise :)

But that could be because I misunderstand the actual question?


> We also need to investigate how well the package works when there's
> already a copy of the key in /etc/apt/trusted.gpg - which is the case
> when
>
> wget -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -
>
> is used, while pgdg-keyring installs
> /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg [*]. Possibly we need to
> wipe the trusted.gpg version when the package is installed.

Yeah, I think we can expect a number of people to have done that
already. And certainly some who prefer doing it that way.

But surely the system must cope with keys being installed more than
once? More interesting is really what happens if you have two copies
of the key - and only one of them is renewsed for exmaple..

> [*] Should I rather call that pgdg.gpg?

No, I think that is a good name. It shows it's a key for the apt
repository specifically. There is a different GPG key used for the yum
repo, for example.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/