Web lists-archives.com

Re: Bug#922155: [Pkg-matrix-maintainers] ITP: matrix-archive-keyring -- OpenPGP archive key for the Matrix.org package repository




On Wed, 2019-02-13 at 15:41 +0000, Linda Lapinlampi wrote:
> Template: matrix-archive-keyring/sources.list
> Type: boolean
> Default: false
> _Description: Use APT data sources from Matrix.org?
>  The Matrix.org Debian package repository distributes supplemental Matrix.org
>  related packages intended to work with the Debian distribution, but require
>  software software outside of the distribution to either build or function.
>  These packages are digitally signed with keys from matrix-archive-keyring.
>  .
>  The Debian Project will be unable to directly support issues faced from using
>  supplemental packages from this third-party repository. Packages from these
>  APT sources may be non-conforming to the technical requirements set in the
>  Debian Policy for the Debian distribution.

More important is the question if the system should /trust/ the keys.

IMHO installing a non-Debian keyring should *not* make the keys trusted
by APT by default (i.e. with the default answer if debconf is used).

ubuntu-keyring does that; most other keyrings sadly do not follow this.

Ansgar