Open hydrian opened 2 weeks ago
I don't see anything failing
But I agree that using "your own keyring" is the way to go (nowadays).
But:
Adding a key to /etc/apt/trusted.gpg.d
is insecure because it adds the key for all repositories. This is exactly why apt-key
had to be deprecated
.
Adding a key to
/etc/apt/trusted.gpg.d
is insecure because it adds the key for all repositories. This is exactly whyapt-key
had to bedeprecated
.
I know that /etc/apt/trusted.gpg.d
isn't trused. It was a typo. The PR has been updated to use /etc/apt/keyrings.
I prefer consistency (because we have so many roles), can you make it just like the vagrant role?
I'll look into it. Not very familiar with vagrant.
Role fails because the task uses apt_key and adds it to the default keyring. Now extra repositories should use their own keyring and reference it the .list file