| Recently, Canonical is committed to implementing a new way of managing PPA archives in future Ubuntu releases. |
Canonical announced that they have been working on a new way of managing PPAs (Personal Package Archives) in the upcoming Ubuntu 23.10 (Mantic Minotaur) release.
Ubuntu 23.10 development started at the end of April 2023, and some new features are starting to show up. Canonical's Julian Andres Klode revealed one of the new features on the Ubuntu mailing list, and it has to do with how PPA archives are handled.
Until now, Ubuntu managed PPA archives through traditional .list files stored in the /etc/apt/sources.list.d/ directory and GPG keys stored in /etc/apt/trusted.gpg.d.
It doesn't look like this approach is very reliable or safe. Therefore, starting with Ubuntu 23.10, which will be released on October 12, 2023, PPA archives will be stored as .sources files formatted using the DEB822 source format, which embeds the GPG key directly into the file's Signed-By field.
According to Canonical, this change provides several key advantages, such as when a PPA archive is deleted, the associated GPG key is also deleted, and the GPG key is dedicated to a specific PPA archive and cannot be used for other PPAs, other GPGs Keys cannot be used to sign PPAs.
The Ubuntu 23.10 system will also feature the upcoming GNOME 45 desktop environment, the Linux 6.5 kernel series, and some of the latest GNU/Linux technologies and open source applications.
The address of this article: Ubuntu 23.10 will improve PPA management to improve security | "Linux should learn like this"