A brief summary of Discourse.ros.org since your last visit on April 13
Popular postsHi Everyone, We've been using the ROS gpg key for many years now and unfortunately it's now considered obsolescent due to advancements in encryption technology. At OSRF we use the ROS key to sign the debian repositories. This is the key that you need to import before you can apt-get install ROS packages. We are planning to generate a new more modern key following the new standards. There are several different ways to deploy the key however. The two methods that we have come down to are as follows.
There are tradeoffs to both. Here are some of the highlights as follows. Approach 1 Tradoffs
Approach 2 Tradeoffs
Request for feedbackOverall 1 is more secure, but more disruptive. Option 2 will change things going forward in a non-disruptive way but the cost of that lack of disruption is to not make installation on existing systems more secure. We'd like to know your thoughts on whether we should use approach 1 or 2. ResourcesIf you'd like to know more about the underlying issue here are some links:
|