[14:37] <juliank> cjwatson: Do you think it's possible to have launchpad directly provide us binary GPG public keys for PPAs to store in trusted.gpg.d? Avoids GPG on the client
[14:37] <juliank> xnox: ^ here we go
[14:39] <juliank> It should end in .gpg I think. I have some weird things I'm thinking about regarding TOFU repository adding. :D (list Key URI in Release file, and generalize add-apt-repository)
[14:39] <xnox> the "best" thing I could come of with, to approximate that is:
[14:40] <xnox> $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=<FINGERPRINT>' | gpg --no-default-keyring --import --import-options import-minimal,import-export > /etc/apt/trusted.gpg.d/<FINGERPRINT>.gpg
[14:40] <xnox> but ideally we would just do a REST call to launchpad, to get a minimal, clean public key.
[14:46] <cjwatson> juliank: That would be https://bugs.launchpad.net/launchpad/+bug/1667725 .  I don't think it's particularly terrible, just needs code
[14:46] <mup> Bug #1667725: [feature request] make full ppa signing public key available over https <cpe-onsite> <Launchpad itself:New> <https://launchpad.net/bugs/1667725>
[14:47] <cjwatson> juliank: Why the constraint on the URL?
[14:48] <juliank> cjwatson: APT supports both .asc and .gpg files (armored and binary); and I'd like to know what I'm fetching. I'm thinking about extending Release files with a "link to key" field.
[14:48] <cjwatson> Right, but is there any particular reason to have that as an extension-style suffix in the URL?
[14:48] <cjwatson> We should clearly define which is which.  Is there a positive reason to have the binary variant?
[14:49] <juliank> It does not need to be dearmored on the client side
[14:49] <juliank> older apts support it
[14:49] <cjwatson> OK, so you'd actually need to process that?  Fair enough
[14:49] <cjwatson> In which case, is there a positive reason for LP to expose the armoured variant? :)
[14:51] <juliank> I don't think so. Unless you want to provide human-consumable variants
[14:51] <cjwatson> I think I care more about having less code
[14:52] <juliank> :D
[15:11] <juliank> cjwatson: I don't think we need to worry about the extension, I can encode that differently if I come up with some format
[15:11] <juliank> (for Release file metadata)
[16:53] <xnox> the argument that armored is somehow is more human readable, than binary, is dubious -> both look like jibberish; one is simply formatted to be justified.
[16:53] <xnox> it would be more useful to have the .asc format; if the comments had URLs where one can get the updated new key; or which repository it belongs to.
[17:04] <cjwatson> This sounds like feature creep.
[19:28] <juliank> xnox: not readable, but consumable - e.g. can be copy pasted into something