[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updated tarsnap-archive-keyring .deb package using "signed-by"

The official tarsnap-archive-keyring .deb package has been updated to version
2021.09.29, and supports "signed-by" in sources.list.

If you have tarsnap on an existing .deb-based linux distribution, no action is
needed.  The next time you run
    apt-get update && apt-get upgrade
you'll get the new package.

If you are installing tarsnap onto a deb-based linux distribution released in
2016 or later, we recommend a slightly different set of copy&paste
That said, the old method still works.  So if you've scripted this (for
example, for installing tarsnap into a container), then feel free to continue
to use the old instructions for now.  We expect that the "old instructions"
(which use /etc/apt/trusted.gpg.d/) will fail with new .deb-based Linux
distributions in mid-2022, hence this new method.

If you are installing on a linux distribution released in 2015 or older, you
cannot use the new "signed-by" method.  Those instructions are still available: 

In approximately a week, we will release a new tarsnap-archive-keyring package
which contains the signing keys for 2022.  No special announcement will be
made at that time, because it will be our annual key rotation.

For additional technical background, please see the announcement of
experimental packages:
(Anybody on this mailing list will have seen it already; this paragraph is
intended for anybody who discovers this message in the mailing list archives
via a web search.)

- Graham Percival