PPA key should be available for download

[critter]

From the network I'm on right now it's impossible to download GPG keys from the Ubuntu keyserver - however HTTP downloads work just fine. It would be nice to have the possibility of downloading the GPG key from the Pidgin webpage instead.

[rlaager]

It's my intention to build a "pidgin-ppa" .deb package that contains the key. The post-installation script would add the key and configure the apt source. Additionally, it would contain an init script to update the apt source if the distro was upgraded. This should reduce the installation process to clicking a link on pidgin.im/download/ubuntu and approving the necessary security prompts. This won't happen sooner than this weekend. I'm really hoping to complete it before the release of Karmic though. I'm anticipating more downloads, as I believe they're replacing Pidgin with Empathy as the default IM client in Ubuntu.

[taralluccio]

On Ubuntu 9.10 (and later), the signing key is downloaded automatically when adding the PPA repository as "ppa:pidgin-developers/ppa".

I believe this is no longer an issue.

[zyv]

taralluccio, you are missing the point. The OP asked if it is possible to make the key available from HTTP because the system might have restrictions that prevents it from fetching the key using the keyserver exchange protocol. The advent of ppa:pidgin-developers/ppa is irrelevant here.

I think there is no advantage in copying the key over to Pidgin's website so this request has to be rejected.

The auto-PPA setup package is not a bad idea, but

1) It is really questionable how high is the demand for this, given that there is not so much of these firewalled systems that can't retrieve the key automatically and you have to do it manually.

2) One year and a half passed since this was brought up.

Maybe it's better to just close this ticket as wontfix.

[zyv]

P.S. Actually, as a sysadmin, I find these auto-setup packages quite annoying. You have to remember to remove them on software removal or upgrades and how many times I've been staring at my sources.list not understanding what's going on, just because I overlooked yet another source dropped into sources.d by one of this auto-setup things.

If you'd actually like to implement this, remember to depend the packages on it, so that it will be automatically removed upon the removal of Pidgin itself.

In what concerns the implementation, actually, you just need to drop the source file into sources.d and import the key, that you bundle with the right inside the install trigger.

[rlaager]

I'm going to close this ticket, now that I've built the pidgin-ppa package. If your firewall is blocking things you need access to, talk to your network admin.

zyv: Your have your dependencies backwards. If pidgin depends on pidgin-ppa, then you would be required to install pidgin-ppa, which is not currently the case. Instead, the pidgin-ppa package would need to depend on pidgin. But then if someone wants just finch (or even just libpurple, if they were using a third-party libpurple client), that forces them to have pidgin. So then we end up with a dependency on pidgin | finch | libpurple0, which could easily result in libpurple sticking around when someone uninstalls pidgin. Because of this, I abandoned that idea. You're free to skip the pidgin-ppa package and setup the repository yourself.

As an aside, I'd much prefer some changes upstream: 1) Ubuntu should ship all of their sources as sources.list.d files. The trend away from a monolithic sources.list file would be a good thing; it wouldn't surprise you to find things in sources.list.d. 2) Ubuntu should provide an easy way to setup PPAs specifically.

[zyv]

Ok, thanks for the explanations, I've got it. Yes, for this reason I prefer to set the ppa up myself.

In what concerns (2), it's already there for 9.10+ if I am not mistaken:

sudo add-apt-repository ppa:pidgin-developers/ppa

This will automatically add the ppa source to apt config.

I think you should mention this on the web page and make it clear that for 9.10+ pidgin-ppa is deprecated and provided only for those pour souls, that have stupid firewalls.

You can copy and paste text from here:

​https://launchpad.net/~pidgin-developers/+archive/ppa

See "Adding this PPA to your system". I can't reopen this bug, so please do it yourself.