On a typical installation several apt GPG keys are added, be it for PPAs or other sources, and later go unused.
It is hard to identify in the GUI (software-properties) which keys are actually used for which repositories.
Is there an easy way to identify which keys are used at all, so that all the other keys can be removed?
In my opinion this has some security implications. If a repository owner loses their private key and updates the repository to use a new key, lots of people still have the old (non trustworthy) key installed, right?
No comments:
Post a Comment