>
> I don't have anything further to add to this sub-thread. I think I've
> made valid points about what our requirements should be to ensure that
> changes to key material are done in a way that our users can trust, why
> not doing so would reduce user security compared to what happens in
> Debian, and justified my position. I've also made some suggestions on
> how I think this can be implemented without too much pain.
>
> If you don't want to do those things, then my opinion is that these
> changes are not suitable for SRU in Ubuntu.
Question then: what makes archlinux-keyring or debian-*-keyring
packages different from distribution-gpg-keys? Shouldn't both of them
get kicked out of the Ubuntu archive for the same reason?
--
Neal Gompa (FAS: ngompa)
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com