The Ubuntu team announced that in Ubuntu 23.10, the management of personal package archives PPA will be improved, further enhancing security and reliability.
Personal Package Archives PPA (Personal Package Archives) is an important feature of Ubuntu Linux, which can easily expand the official Ubuntu repository with packages from other channels, such as providing updated versions of software or software that is not included in the official Ubuntu archive.
Until now, Ubuntu's PPAs were managed through a .list file in /etc/apt/sources.list.d, while its GPG keys were added in the /etc/apt/trusted.gpg.d file. Starting with Ubuntu 23.10, the PPA will be managed by a .sources file in deb822 format, with the key embedded directly in the file's Signed-By field.
The redesigned Ubuntu PPA has several key advantages over existing management methods. For example, when deleting a repository, the key in the associated field will be automatically deleted, so there is no need to worry about leakage.
Second, there is a one-to-one relationship between new PPAs and keys, with each key being dedicated to a specific PPA and not affecting other repositories. (The old trusted.gpg.d file is the global storage for all software sources, deleting this file will affect all keys)
Learn more details about changes to the Ubuntu 23.10 PPA in this discussion thread .