PostgreSQL Apt Repository instructions need updating
Re: https://www.postgresql.org/download/linux/debian/
The instructions presented for key handling are not inline with Debian best-practices
As per https://wiki.debian.org/DebianRepository/UseThirdParty:
"The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint."
On 5 Aug 2021, at 13:52, Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch> wrote:
Re: https://www.postgresql.org/download/linux/debian/
The instructions presented for key handling are not inline with Debian best-practices
As per https://wiki.debian.org/DebianRepository/UseThirdParty:
"The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint."
Moving this thread to pgsql-www@ which since this info is maintained by the web
team and it might get more attention there.
--
Daniel Gustafsson https://vmware.com/