I've created a new PPA in which to maintain the backported versions of
the latest Debian packages to Ubuntu releases:
https://launchpad.net/~xapian/+archive/ubuntu/backports
The reason for this change is that the existing PPA is stuck using a
GPG key created when the PPA was first created a decade ago. This
is a 1024 bit RSA key using SHA1 as the hash, and that's not really
secure by modern standards.
Sadly Launchpad doesn't provide a way to generate a new key for an
existing PPA. And worse, once a user or team has a PPA key it gets
reused for new PPAs under that user or team (even if you delete all
PPAs before creating a new one):
https://bugs.launchpad.net/launchpad/+bug/1331914
https://bugs.launchpad.net/launchpad/+bug/1700167
There's no indication that these problems are going to get fixed any
time soon, so I've had to create a new "xapian" team to work
around
them.
To switch a machine using the existing PPA to use the new PPA you can
run these commands:
sudo add-apt-repository --remove ppa:xapian-backports/ppa
sudo add-apt-repository ppa:xapian/backports
sudo apt-get update
To show this is a genuine change I've added a link to the new PPA in
the description of the old one at:
https://launchpad.net/~xapian-backports/+archive/ubuntu/ppa
Also this message is also GPG signed with my personal GPG key.
I've also updated the download page on the website.
I've also deleted the "xapian-1.2" PPA which contained packages of
Xapian 1.2.x for precise and trusty. We closed the 1.2 release series
more than 3 years ago, precise reached end of life more than two years
ago and trusty nearly four months ago.
Cheers,
Olly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL:
<http://lists.xapian.org/pipermail/xapian-discuss/attachments/20190823/f2ef99e3/attachment.sig>
