Merge ~cjwatson/launchpad:stop-ppa-key-propagation into launchpad:master
Proposed by
Colin Watson
Status: | Needs review |
---|---|
Proposed branch: | ~cjwatson/launchpad:stop-ppa-key-propagation |
Merge into: | launchpad:master |
Diff against target: |
337 lines (+36/-145) 6 files modified
lib/lp/archivepublisher/archivegpgsigningkey.py (+0/-27) lib/lp/archivepublisher/tests/archive-signing.txt (+13/-61) lib/lp/archivepublisher/tests/test_archivegpgsigningkey.py (+17/-17) lib/lp/soyuz/model/archive.py (+0/-8) lib/lp/soyuz/stories/webservice/xx-archive.txt (+1/-1) lib/lp/soyuz/tests/test_archive.py (+5/-31) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Robert Hardy (community) | Needs Fixing | ||
Launchpad code reviewers | Pending | ||
Review via email: mp+392627@code.qastaging.launchpad.net |
Commit message
Stop propagating signing keys between an owner's PPAs
Description of the change
Things were perhaps different in 2009 when this feature was designed, but add-apt-repository has dealt with fetching keys on a per-archive basis for a long time now, and it makes more sense for keys to be per-archive. This also improves behaviour for users whose default archive was created long enough ago that it has a 1024-bit signing key.
To post a comment you must log in.
There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.
https:/ /bugs.launchpad .net/launchpad/ +bug/357177 was where the behaviour was implemented, which links to https:/ /lists. launchpad. net/launchpad- users/msg04943. html.
There were in the past concerns about keyserver pollution, I believe. PPAs are now often pretty ephemeral, and frequently created and deleted, but all the keys will stay around forever, filling up name-based key search results. It would also reveal the name of private PPAs.
I don't think we should change the behaviour until we stop using the main keyserver network for PPA keys.