diff options
Diffstat (limited to 'tags/p/package-installs-apt-keyring.tag')
-rw-r--r-- | tags/p/package-installs-apt-keyring.tag | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tags/p/package-installs-apt-keyring.tag b/tags/p/package-installs-apt-keyring.tag new file mode 100644 index 0000000..fe4b439 --- /dev/null +++ b/tags/p/package-installs-apt-keyring.tag @@ -0,0 +1,13 @@ +Tag: package-installs-apt-keyring +Severity: error +Check: apt +See-Also: apt-key(8) +Explanation: Debian packages should not install files under + <code>/etc/apt/trusted.gpg.d/</code> or install an + <code>/etc/apt/trusted.gpg</code> file. + . + Trusted keyrings are under the control of the local administrator and + packages should not override local administrator choices. + . + Packages whose names end in <code>-apt-source</code> or + <code>-archive-keyring</code> are permitted to install such files. |