Code review comment for lp://qastaging/~smoser/vmbuilder/mfdiff-apt-key-transition

Scott Moser (smoser) wrote :

well, no.
because eventually there will be a host that does not have keys in
/etc/apt/trusted.gpg/* that can verify bionic (when the 2018-archive
signing key is retired).

essentially all you'd be doing there is changing the keyring
maintained here to be 'obsolete-signing-keys'.

Possibly the right thing to do would be to have a package called
'ubuntu-keyring-retired'. Then if that package got updated correctly
mfdiff and other things could just rely on the fact that the
combination of keyrings provided by 'ubuntu-keyring' and
'ubuntu-keyring-retired' would be able to verify all things.

On Tue, Dec 11, 2018 at 3:15 PM Dan Watkins
<email address hidden> wrote:
>
> Would copying /etc/apt/trusted.gpg* into the cache and then adding this keyring.gpg to cache_dir/etc/apt/trusted.gpg.d save us from having to do the maintenance in future?
> --
> https://code.launchpad.net/~smoser/vmbuilder/mfdiff-apt-key-transition/+merge/313797
> You are the owner of lp:~smoser/vmbuilder/mfdiff-apt-key-transition.
