Hi
Who do I have to badger to get the obsolete and frankly dangerous Debian repo instructions fixed @
https://www.postgresql.org/download/linux/debian/ ?
The manner proposed is really "not the done thing" in 2024 and it has been explicitly obsoleted by Debian so the
projectreally should not be promoting it as a supported manner to do things.
TL;DR: You should not be using blindly trusting keys for all repos (which is what apt-key add does). See
: https://wiki.debian.org/DebianRepository/UseThirdParty
Something like this is the way it should be done:
# Install GPG Certcurl -fsSL "https://www.postgresql.org/media/keys/ACCC4CF8.asc" \
| gpg --dearmor \
| sudo sponge /etc/apt/keyrings/postgresql.gpg
# Create source list file
. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] https://apt.postgresql.org/pub/repos/apt
${VERSION_CODENAME}-pgdgmain" \
| doas sponge /etc/apt/sources.list.d/postgresql.list
## Install
doas apt-get update && apt-get -y install postgresql