Dovecot Debian repo instructions need updating
Laura Smith
n5d9xq3ti233xiyif2vp at protonmail.ch
Thu Aug 5 14:42:13 EEST 2021
Re: https://doc.dovecot.org/installation_guide/dovecot_community_repositories/debian_packages/
The instructions need updating for two reasons:
1) Keep up to date with Debian releases (https://wiki.debian.org/DebianReleases), i.e. remove reference to 8.0 "Jessie" and replace with 10.0 "Buster".
2) The instructions presented for key handling are not inline with Debian best-practices.
As per https://wiki.debian.org/DebianRepository/UseThirdParty: "The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add. A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint."
More information about the dovecot
mailing list