Documentation [and repository-dist package] should be changed to the following style:
deb [signed-by=/usr/share/keyrings/docker.gpg] tor+https://download.docker.com/linux/debian bullseye stable
New signed-by method:
APT signing keys should be stored in folder
/usr/share/keyrings/ instead of
/usr/share/keyrings/ these keys as far as I understand aren’t used for anything - unless a file in folder
/etc/apt/sources.list.d/ with file extension
.list or in ifle
/etc/apt/sources.list uses them by referring the path to these keys by using
[signed-by=/usr/share/keyrings/keyname.gpg]. The advantage is that once the sources.list file is removed, it doesn’t matter if the APT signing key is still lingering on the disk since it would effectively do nothing except waste a totally negligible amount of space not worth mentioning.
This is possible since Debian 11
Old trusted.gpg.d method:
The disadvantage of the old method, placing APT signing keys in folder
/etc/apt/trusted.gpg.d that all keys there are being used to verify all repositories. For example
docker.gpg has no business to sign
Could you document this please and perhaps also update the wiki?