[feature request] make full ppa signing public key available over https
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Colin Watson | ||
software-properties (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Currently, for a ppa, launchpad makes the long key fingerprint available over https. I'd like to request that it also make the full public key available over https.
Many people use add-apt-repository extensively for using ppas ('add-apt-
As I understand it, that basically does:
a. request the 'archive urls', 'description' and long key fingerprint over https from launchpad.net
b. does gpg --recv <long-key-
c. adds the result of 'b' to apt using 'apt-key'
Since launchpad is the owner of the signing key for the ppa, why not have it just give us the full public key over the same api that it provides the other bits of information?
My experience is that gpg servers are less reliable than we'd like, and even if they were as reliable as launchpad, any use of a ppa now effectively depends on 2 external systems when 1 could suffice.
Related branches
- William Grant: Approve (code)
-
Diff: 203 lines (+98/-2)4 files modifiedlib/lp/services/gpg/interfaces.py (+5/-1)
lib/lp/soyuz/interfaces/archive.py (+12/-1)
lib/lp/soyuz/model/archive.py (+9/-0)
lib/lp/soyuz/tests/test_archive.py (+72/-0)
- Colin Watson: Approve
-
Diff: 138 lines (+41/-8)3 files modifieddebian/changelog (+7/-0)
softwareproperties/ppa.py (+29/-8)
tests/test_lp.py (+5/-0)
- No reviews requested
description: | updated |
tags: | added: cpe-onsite |
Changed in launchpad: | |
status: | New → In Progress |
importance: | Undecided → Low |
assignee: | nobody → Colin Watson (cjwatson) |
tags: | added: api feature lp-registry |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
Changed in software-properties (Ubuntu): | |
status: | New → In Progress |
Changed in software-properties (Ubuntu): | |
importance: | Undecided → Medium |
Launchpad itself doesn't hold the full key material other than in caches - it relies on being able to fetch key material from the keyservers itself - so this would probably just move unreliability around.