Enhancing cross-distro collaboration via foreign archive keyring availability
Luca Boccassi
luca.boccassi at gmail.com
Wed Sep 4 19:52:16 UTC 2024
On Wed, 4 Sept 2024 at 20:09, Jeremy Bícha <jeremy.bicha at canonical.com> wrote:
>
> On Wed, Sep 4, 2024 at 8:48 AM Andreas Hasenack <andreas at canonical.com> wrote:
> > I think one cost that may be missing from this analysis is the burden of responsibility in the case of revoked keys. Should a key be revoked in, say, Fedora, Fedora users can obviously expect an expedited update to the keyring. But will the Fedora maintainers (again, just an example, pick $distro) remember to also propagate this update to every other non-fedora distro?
>
> I'm restating what I think is one point that Robie and Andreas are
> making.
>
> Is there a person or a team who is willing to commit to
> maintain each of these packages through Ubuntu's SRU or Security
> Update procedures for the life of Ubuntu releases? If not, it might be
> better if these packages were excluded from Ubuntu's stable releases.
Sorry, I thought the question was about upstream.
I am willing to maintain these packages for Ubuntu releases. I will
already do it in Debian.
More information about the ubuntu-devel
mailing list