Request: Rename "ubuntu-keyring" package to "ubuntu-archive-keyring" for consistency with Debian
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-keyring (Ubuntu) |
Opinion
|
Undecided
|
Unassigned |
Bug Description
The package that Ubuntu calls "ubuntu-keyring" is present in Debian as "ubuntu-
Debian has separate "debian-keyring" and "debian-
d-k: GnuPG keys of Debian Developers and Maintainers
d-a-k: GnuPG archive keys of the Debian archive
IMO this is a reasonable distinction, as the keys of developers/
Thus, the current "ubuntu-keyring" package would be better named "ubuntu-
Ubuntu will not ship a keyring with ubuntu uploaders keys.
The permission model in ubuntu is very different from debian and is not based on GPG web of trust. In debian, any DD can upload any package, thus debian-keyring make sense to keep track of all the uploader keys. In Ubuntu, launchpad is the only thing that enforces which keys are allowed to upload and they are scoped a lot - only a minority of keys are allowed to upload anything, and vast majority of uploaders can only upload individual packages or subsets of them.
I have no idea why debian choose a different name when importing our package =/
If that is of any help, i'm happy to add Provides stanzas to help with discovery. But I very much see no benefit in renaming this key package in Ubuntu, given that we have not changed it since Ubuntu inception.
Note that the ubuntu-keyring package ships not only the keyring that is used to validate APT archives, but other signed metadata as well, for example - /pool/ on the ISOs; cdimage checksum files of ubuntu ISOs; cloud images simplestreams metadata; cloud images checksum files; master key for archive key rotation.
Thus naming the package (either source, of one of the binaries) as ubuntu- archive- keyring makes no sense, as it validates more than just the APT archive.