We’re excited to announce the release of software-properties 0.99.37, just uploaded to mantic-proposed! This update brings a significant change to how PPAs are managed on Ubuntu systems, thanks to the hard work of @enr0n.
In previous versions of Ubuntu, PPAs were managed through a traditional .list file located at /etc/apt/sources.list.d/, accompanied by a gpg keyring at /etc/apt/trusted.gpg.d.
However, starting with version 23.10, we have introduced a new approach. PPAs are now added as deb822-formatted .sources files, where the keys are directly embedded into the file’s
Signed-By field. This change offers several key advantages:
- Removal of a repository also removes its associated key.
- Establishes a 1:1 relationship between the PPA and its key:
- The key is dedicated to the specific PPA and cannot be used for other repositories (unlike the old trusted.gpg.d, which was a global store for all sources).
- Other keys cannot be utilized to sign the PPA.
We believe that these enhancements will enhance the security and reliability of managing PPAs on your Ubuntu systems. Stay tuned for more updates and let us know your feedback!