TODO remove default ROS gpg key from script

[tfoote]

This was hard coded to get things working quickly. It should be in the job template.

@dirk-thomas please review #202 fix

[dirk-thomas]

Still unclear why this changed but the patch looks good.

[tfoote]

Apparently the lack of validation was a bug recently fixed: http://changelogs.ubuntu.com/changelogs/pool/main/a/apt/apt_0.8.16~exp12ubuntu10.17/changelog

apt (0.8.16~exp12ubuntu10.17) precise-security; urgency=low

  * SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
    - warn if not authenticated in cmdline/apt-get.cc, added regression
      test to test/integration/test-apt-get-source-authenticated,
      test/integration/framework.
    - CVE-2014-0478

 -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 12 Jun 2014 14:12:19 +0200

When we deploy this we will need to reconfigure the release jobs.

[dirk-thomas]

Sounds good to me - the reconfigure will happen anyway once a day. Go ahead and deploy it shortly before the job.

[tfoote]

Deployed a long time ago