Replace deprecated apt-key with signed-by keyring for Debian/Ubuntu#427
Open
killrazor wants to merge 1 commit into
Open
Replace deprecated apt-key with signed-by keyring for Debian/Ubuntu#427killrazor wants to merge 1 commit into
killrazor wants to merge 1 commit into
Conversation
apt-key has been deprecated since Debian 11 / Ubuntu 22.04 and removed entirely in Debian Trixie. Keys added via apt-key go into the global trusted.gpg keyring, which means they are trusted system-wide for all repositories -- not just the one they were added for. This updates the Debian/Ubuntu install instructions to use the modern signed-by approach, scoping the Datto signing key to only the Datto repository. Fixes datto#407
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Debian/Ubuntu install instructions use apt-key adv, which has been deprecated since Debian 11 / Ubuntu 22.04 and removed entirely in Debian Trixie.
Keys added via apt-key go into the global trusted.gpg keyring, meaning they are trusted system-wide for all repositories, not just the one they were added for. This is a security concern -- a compromised key could be used to sign packages from any repo and APT would accept them.
This PR updates the Debian/Ubuntu section of INSTALL.md to use the modern signed-by approach:
Fixes #407