Debian installation instructions still use /etc/apt/trusted.gpg.d for storing the key #834

Open
dhs-rec opened this issue Mar 5, 2024 · 3 comments

dhs-rec commented Mar 5, 2024

This violates https://wiki.debian.org/DebianRepository/UseThirdParty, which states:

> ... The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add.
>
> If future updates to the certificate will be managed by an apt/dpkg package as recommended below, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally, it SHOULD be downloaded into /etc/apt/keyrings instead.

Please update the instructions accordingly.

Maybe also take into account that Debian 13 and Ubuntu 24.04 will default to the so-called "deb822" style *.sources files in favor of the old *.list files in /etc/apt/sources.list.d. See man 5 sources.list for the details.

Contributor

jiekang commented Mar 18, 2024

I believe these are the instructions the issue author is referring to:

https://github.com/adoptium/adoptium.net/blob/675e64ef0eb2b814899789301fb59635a39c195b/content/asciidoc-pages/installation/linux/index.adoc#L46

wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null

From a quick glance at the third-party repository link, we want mkdir -p /etc/apt/keyrings and to place the certificate there?

Author

dhs-rec commented Mar 18, 2024

> From a quick glance at the third-party repository link, we want mkdir -p /etc/apt/keyrings and to place the certificate there?

Yes, except I'd make that [[ -d /etc/apt/keyrings ]] || mkdir -p /etc/apt/keyrings, since recent Debian/Ubuntu versions should already have it.

Oh, and btw., ...| tee somefile > /dev/null can be replaced with ... >somefile.

Author

dhs-rec commented Mar 18, 2024

Or, even better: Also provide a package for managing the keyring file going forward, in which case the instructions for the user would change to [[ -d /usr/share/keyrings ]] || mkdir -p /usr/share/keyrings (and place the bootstrap keyring file there).
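
A local audit for the layout this issue asks for, as an added example that is not part of the thread or of the Adoptium project: it lists keys still sitting in /etc/apt/trusted.gpg.d and source entries with no signed-by option, which therefore fall back to that global keyring. The function name and output tags are assumptions, and the signed-by check goes beyond what the thread spells out.

```shell
#!/bin/sh
# Added example: report apt trust settings that bypass per-repository key pinning.
# ROOT defaults to /etc/apt; output tags (GLOBAL-KEY, NO-SIGNED-BY) are made up here.
audit_apt_trust() {
    root=${1:-/etc/apt}

    # 1. Keys in trusted.gpg.d are accepted for every configured repository.
    for key in "$root"/trusted.gpg.d/*.gpg "$root"/trusted.gpg.d/*.asc; do
        if [ -f "$key" ]; then echo "GLOBAL-KEY $key"; fi
    done

    # 2. One-line *.list entries: look for signed-by= inside the [ ... ] options.
    for list in "$root"/sources.list "$root"/sources.list.d/*.list; do
        [ -f "$list" ] || continue
        awk -v f="$list" '
            /^[ \t]*deb(-src)?[ \t]/ && !/\[[^]]*signed-by=/ {
                print "NO-SIGNED-BY " f ":" NR
            }' "$list"
    done

    # 3. deb822 *.sources files: stanzas are separated by blank lines and
    #    each one needs its own Signed-By field (field names are case-insensitive).
    for src in "$root"/sources.list.d/*.sources; do
        [ -f "$src" ] || continue
        awk -v f="$src" '
            function report() {
                if (seen && !signed) print "NO-SIGNED-BY " f ":" start
                seen = 0; signed = 0
            }
            /^[ \t]*$/ { report(); next }   # blank line ends a stanza
            /^#/       { next }             # comment line
            !seen      { seen = 1; start = NR }
            tolower($0) ~ /^signed-by:/ { signed = 1 }
            END        { report() }' "$src"
    done
    return 0
}

audit_apt_trust "$@"
```

Distribution-provided archive keys and entries are listed as well; the findings to act on are the third-party ones.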
