Signing-key should be shared by PPAs owned by the same user
Bug #357177 reported by
Celso Providelo
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
High
|
Celso Providelo | ||
Bug Description
As discussed recently in lp-users ML [1], having specific signing-keys for each repository doesn't result in any security benefit, on the other hand, cause some extra hassle when a user want to enable those repositories.
Sharing the same signing-key with all PPA owned by the same user/team is perfectly fine from the authentication point of view.
This change will have implications in the signing-key UID, which will change by bug #344105.
[1] https:/
| Changed in soyuz: | |
| assignee: | nobody → cprov |
| importance: | Undecided → High |
| milestone: | none → 2.2.4 |
| status: | New → Triaged |
Revision history for this message
| Michael Rooney (mrooney) wrote | #1 |
Revision history for this message
| Celso Providelo (cprov) wrote | #2 |
| Changed in soyuz: | |
| status: | Triaged → In Progress |
Revision history for this message
| Celso Providelo (cprov) wrote | #3 |
| Changed in soyuz: | |
| status: | In Progress → Fix Committed |
| Changed in soyuz: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Excellent, this is a good idea, I am looking forward to it! What will happen to current people/teams with multiple PPAs?
And, will this fix the issue where new PPAs aren't immediately signed, in the case where the information can just be copied on creation? It can be annoying as a user of a new PPA to not be able to add the authentication information then but instead having to wait until it gets signed and you get an error.