update installation instructions with new repo #9500
Conversation
change mentions of https://riot.im/packages to https://packages.riot.im add instructions to remove old, now-untrusted riot.im signing key update language and move from 'apt-get` to the simpler `apt`
better wording Co-Authored-By: axelsimon <github@axelsimon.net>
README.md
Outdated
| Releases are signed by PGP, and can be checked against the public key | ||
| at https://riot.im/packages/keys/riot.asc . | ||
| Releases are signed using gpg and the OpenPGP standard, and can be checked against the public key located | ||
| at https://packages.riot.im/debian/riot.im-archive-keyring.asc . |
There was a problem hiding this comment.
This doesn't exist, did you mean riot-im-archive-keyring.asc ? Also someone is going to have to explain to me the difference between that and https://packages.riot.im/riot-release-key.asc
There was a problem hiding this comment.
Good catch. Thanks.
I really meant https://packages.riot.im/riot-release-key.asc, I'll amend.
There was a problem hiding this comment.
given that's also Dave's suggestion, I'm inclined to trust that too :D
There was a problem hiding this comment.
So we've got https://packages.riot.im/riot-release-key.asc for the general package signing and https://packages.riot.im/debian/riot.im-archive-keyring.asc as the key to add to apt's key store, on Debian. Correct?
There was a problem hiding this comment.
Those sound like the right things to me
There was a problem hiding this comment.
Yep, that's right - the signing keys are now separate with one the one in /debian for the debian repo and the release key for signing the web release tarballs.
apt-getto the simpleraptSigned-off-by: axel simon
<axelsimon at axelsimon.net>