Warn if the legacy trusted.gpg keyring is used for verification

With apt-key going away, people need to manage key files, rather than keys, so they need to know if any keys are in the legacy keyring.
author: Julian Andres Klode <jak@debian.org> 2022-01-07 12:43:32 +0100
committer: Julian Andres Klode <jak@debian.org> 2022-02-22 18:25:06 +0100
commit: 56adf743b02b80a9acc9a2e480bfd15acb94f755 (patch)
tree: 36c05dda8274832bc8d0af8d03cd38faf13ae63d /debian/NEWS
parent: 9aee35d1acafde2e443741160d13d365345383ab (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
index b5547fd12..50ee37653 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,11 @@
+apt (2.3.15) UNRELEASED; urgency=medium
+
+  GPG verification now first tries only the trusted.gpg.d keys, before
+  then falling back to the legacy trusted.gpg keyring and issuing a
+  warning to migrate keys if verification succeeded in the fallback.
+
+ -- Julian Andres Klode <jak@debian.org>  Fri, 07 Jan 2022 13:04:28 +0100
+
 apt (2.3.12) unstable; urgency=medium
 
   The solver will no longer try to remove Essential or Protected packages,
author	Julian Andres Klode <jak@debian.org>	2022-01-07 12:43:32 +0100
committer	Julian Andres Klode <jak@debian.org>	2022-02-22 18:25:06 +0100
commit	56adf743b02b80a9acc9a2e480bfd15acb94f755 (patch)
tree	36c05dda8274832bc8d0af8d03cd38faf13ae63d /debian/NEWS
parent	9aee35d1acafde2e443741160d13d365345383ab (diff)