with regards to the documentation on debian package repositories i’d like to suggest the following improvements.
- instead of using
sudo apt-key add -
users should be instructed to save the key file to/usr/share/keyrings/seafile-keyring.asc
- the
seafile.list
file should then have[arch=amd64 signed-by=/usr/share/keyrings/seafile-keyring.asc]
instead of just[arch=amd64]
to tell apt where to find the right key for this particular repository - it is advised by debian that the key should be available as a binary format file with extension
*.gpg
instead of the ASCII-armored*.asc
format; if you’d replace your current (ASCII)seafile.key
with a binary exportedseafile-keyring.gpg
, adjust the former suggestions accordingly. note that apt will only accept ASCII keys with*.asc
extension or binary keys with*.gpg
extension, they must not be mixed up, and*.key
should not be used - the server address should always use
https
instead ofhttp
the benefit of this is enhanced security. keys added using apt-key add
are all added to a global keyring (/etc/apt/trusted.gpg
). this old method doesn’t specify for which repo a key is meant to be used, but package lists signed by any present key are silently accepted as trustworthy.