Improvements to PPA management in 23.10 (deb822 sources)
Julian Andres Klode
julian.klode at canonical.com
Tue May 16 09:40:03 UTC 2023
Forwarding this from
https://discourse.ubuntu.com/t/improvements-to-ppa-management-in-23-10/35783
for broader visibility:
We’re excited to announce the release of software-properties 0.99.37,
just uploaded to mantic-proposed! This update brings a significant
change to how PPAs are managed on Ubuntu systems, thanks to the hard
work of @enr0n.
In previous versions of Ubuntu, PPAs were managed through a
traditional .list file located at /etc/apt/sources.list.d/,
accompanied by a gpg keyring at /etc/apt/trusted.gpg.d.
However, starting with version 23.10, we have introduced a new
approach. PPAs are now added as deb822-formatted .sources files, where
the keys are directly embedded into the file’s Signed-By field. This
change offers several key advantages:
Removal of a repository also removes its associated key.
Establishes a 1:1 relationship between the PPA and its key:
The key is dedicated to the specific PPA and cannot be used for other
repositories (unlike the old trusted.gpg.d, which was a global store
for all sources).
Other keys cannot be utilized to sign the PPA.
We believe that these enhancements will enhance the security and
reliability of managing PPAs on your Ubuntu systems. Stay tuned for
more updates and let us know your feedback
More information about the ubuntu-devel
mailing list