Re: pgdg-keyring - Mailing list pgsql-pkg-debian

From Magnus Hagander
Subject Re: pgdg-keyring
Date
Msg-id CABUevEz7wTz+rj3z8-nMsQ=GiiLhJbfkEC-shpR7PRANthHG_w@mail.gmail.com
In response to Re: pgdg-keyring  (Christoph Berg <cb@df7cb.de>)
List pgsql-pkg-debian
On Sun, Nov 18, 2012 at 4:39 PM, Christoph Berg <cb@df7cb.de> wrote:
> Re: Magnus Hagander 2012-11-18 <CABUevExbHLugeMJ_jd14s=CnErwxvKw=bMwyoOPBF2-5Xq0GVw@mail.gmail.com>
>> > Feedback is welcome - I'm still pondering which of "pinning" and
>> > "sources list entry" should be part of the package, and what to use as
>> > defaults there for the debconf questions. The current plan would be to
>> > add a pinning question, but default to "no" (principle of least
>> > surprise for the casual user).
>>
>> I still argue that the default should be "yes", with the exact same
>> argument about principle of least surprise :)
>>
>> But that could be because I misunderstand the actual question?
>
> Nah, it is the same discussion as we had at my place. I'm kind of
> inclined to get the pgdg-keyring package included in Debian itself, so
> we have an easy trust path. In Debian, the question of "prefer pgdg"
> defaults might be different, but we certainly don't want to maintain
> two versions of the same package, just with different defaults.
>
> I'll keep thinking about it :)

Aha. I can see it being a more controversial thing to do if you want
to push it into Debian itself.

Speaking of which, is the name pgdg-keyring really the right one? If
it *only* adds the key to the keyring it seems correct, but if it also
adds a repository to your server it seems like a bad name for the
package?


>> But surely the system must cope with keys being installed more than
>> once? More interesting is really what happens if you have two copies
>> of the key - and only one of them is renewed, for example..
>
> That's the actual question. If we provide a new (renewed) key in the
> package, apt (or gpg) must not get confused by the other copy. (The
> fix is probably to remove the "manual" key on installation of the
> pgdg-keyring package.)

Yeah, unless it's smart enough to recognize which key is valid and
only use that one.

As you say, some testing is probably required :)



>> > [*] Should I rather call that pgdg.gpg?
>>
>> No, I think that is a good name. It shows it's a key for the apt
>> repository specifically. There is a different GPG key used for the yum
>> repo, for example.
>
> Well, we are using "pgdg" in lots of other places, so we should
> (could?) probably use it here too.

We could. But I think calling it apt.postgresql.org.gpg is more clear :)

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

