From 56adf743b02b80a9acc9a2e480bfd15acb94f755 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Fri, 7 Jan 2022 12:43:32 +0100
Subject: Warn if the legacy trusted.gpg keyring is used for verification

With apt-key going away, people need to manage key files, rather
than keys, so they need to know if any keys are in the legacy keyring.
---
 debian/NEWS | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'debian/NEWS')

diff --git a/debian/NEWS b/debian/NEWS
index b5547fd12..50ee37653 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,11 @@
+apt (2.3.15) UNRELEASED; urgency=medium
+
+  GPG verification now first tries only the trusted.gpg.d keys, before
+  then falling back to the legacy trusted.gpg keyring and issuing a
+  warning to migrate keys if verification succeeded in the fallback.
+
+ -- Julian Andres Klode <jak@debian.org>  Fri, 07 Jan 2022 13:04:28 +0100
+
 apt (2.3.12) unstable; urgency=medium
 
   The solver will no longer try to remove Essential or Protected packages,
-- 
cgit v1.2.3-70-g09d2