by 
Canonical announced today that they’ve been working on a new approach to how PPAs (Personal Package Archives) are managed in the upcoming Ubuntu 23.10 (Mantic Minotaur) release.
Development of Ubuntu 23.10 kicked off at the end of April 2023 and now we start to see new features landing in the upcoming release. One of these new features was revealed by Canonical’s Julian Andres Klode on the Ubuntu mailing list and it’s related to how PPA archives will be handled.
Until now, Ubuntu managed PPA archives through a traditional .list file that was stored in the /etc/apt/sources.list.d/ directory and accompanied by a GPG keyring stored on /etc/apt/trusted.gpg.d.
It would appear that this approach was not very reliable or secure. Therefore, starting with Ubuntu 23.10, due out on October 12th, 2023, PPA archives will be stored as .sources files formatted with the DEB822 source format, which embeds the GPG keys directly into the file’s Signed-By field.
Canonical says that this change offers several key advantages, such as the fact that when the PPA archive is removed the associated GPG key will be removed as well and that the GPG key is dedicated to the specific PPA archive and can’t be used for other PPAs and other GPG keys can’t be used to sign the PPA.
If you’re using many PPAs on your Ubuntu system, I believe you’ll find this change interesting enough to upgrade to Ubuntu 23.10, which will also ship with the upcoming GNOME 45 desktop environment, the upcoming Linux 6.5 kernel series, as well as some of the latest and greatest GNU/Linux technologies and Open Source applications.
Last updated 12 months ago
