With a fresh Ubuntu 23.04 installation, I would like to manage all keys in a proper way and get rid of the cross-signing threat.
I've installed Skype simply by:
wget -c https://repo.skype.com/latest/skypeforlinux-64.deb
dpkg -i skypeforlinux-64.deb
Unfortunately, I've discovered (in apt-key list) that the Skype key was stored in the common file /etc/apt/trusted.gpg.
So I've downloaded the Skype key once again, to a separate file, but not in /usr/share/keyrings/:
curl -sS https://repo.skype.com/data/SKYPE-GPG-KEY | gpg --dearmor | tee /etc/apt/trusted.gpg.d/skype.gpg
And my Question #1 is: Do I have to update the file /etc/apt/sources.list.d/skype-stable.list to something like:
deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/skype.gpg] https://repo.skype.com/deb stable main
I'm asking this because the Chrome installation created a separate key file /etc/apt/trusted.gpg.d/google-chrome.gpg, however in the corresponding source list file /etc/apt/sources.list.d/google-chrome.list, there's no signed-by option:
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
It seems Chrome is working fine without this option and I'm a little bit confused.
Question #2: What is the most suitable location for the separate key files?
/etc/apt/trusted.gpg.d/
/usr/share/keyrings/
/etc/apt/keyrings/
What are the nuances between these three locations?
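
An added example, not part of the original question: a shell function that lists each one-line-style `deb` entry with whether it carries a `signed-by` option, and marks a `signed-by` key that sits in /etc/apt/trusted.gpg.d/ or /etc/apt/trusted.gpg, where apt also trusts it for every source that has no `signed-by`. The function names, status labels and the embedded sample (the two entries quoted above) are constructed for illustration; deb822 `.sources` files are not handled.

```shell
#!/bin/sh
# audit_sources (hypothetical helper): read one-line-style apt source entries
# from the given files, or from stdin, and print one line per entry:
#   no-signed-by          <uri>        verified against the global trusted keyrings
#   signed-by             <uri> <key>  key file is used for this source only
#   signed-by-global-key  <uri> <key>  key file is also in a globally trusted location
# Real use: audit_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list
audit_sources() {
    awk '
    /^[ \t]*deb(-src)?[ \t]/ {
        rest = $0
        sub(/^[ \t]*deb(-src)?[ \t]+/, "", rest)
        opts = ""
        if (substr(rest, 1, 1) == "[") {          # optional [key=value ...] block
            end = index(rest, "]")
            opts = substr(rest, 2, end - 2)
            rest = substr(rest, end + 1)
        }
        split(rest, field, " ")                   # field[1] is the repository URI
        key = ""
        n = split(opts, opt, " ")
        for (i = 1; i <= n; i++)
            if (index(opt[i], "signed-by=") == 1)
                key = substr(opt[i], 11)          # text after "signed-by="
        if (key == "")
            print "no-signed-by " field[1]
        else if (key == "/etc/apt/trusted.gpg" || index(key, "/etc/apt/trusted.gpg.d/") == 1)
            print "signed-by-global-key " field[1] " " key
        else
            print "signed-by " field[1] " " key
    }' "$@"
}

# Constructed sample input: the Chrome entry and the proposed Skype entry
# exactly as quoted in the question.
sample_sources() {
    cat <<'EOF'
# sample sources (constructed)
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/skype.gpg] https://repo.skype.com/deb stable main
EOF
}

sample_sources | audit_sources
```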