APT 2.9.15 Drops APT-Key Use

Recently, a new version of the Advanced Package Tool (APT) was published at 2.9.15, located at salsa.debian.org. The branch 2.9.x is considered experimental and is being used to develop the functionality for the future stable version of APT 3.0. Once stabilized, this version will be integrated into Debian Testing and will be part of the next significant Debian release, as well as being added to the Ubuntu package base.

One of the key changes in this new version was the finalization of the transition to using the APT-Key utility to manage digital package signatures. This change can be found in the changelog for reference. The APT-Key utility, which had been considered outdated for several years, provides a modern approach for checking the integrity of packages by separating key storage for each repository.

Other notable changes in this new version include:

  • Addition of the option to call GPG through Sequoia (GPG-SQ) with similar functionality to GPG, but implemented in the Rust language. This method is considered to be more priority than GPG and can be used by installing the appropriate package (source).
  • Improved handling of file extensions, such as “.ASC” and “.GPG”, to ensure proper key management and avoid errors related to unsupported file types (source).
  • Transition of many functions to use the “STD :: STRING” class instead of Char *”, providing more efficient handling of strings in the code (source).
  • Implementation of support for independent checks of keys (KEYRING) and the DEARMOR operation, which transforms ASCII-ARMORED key material into binary format without involving Apt-Key (
/Reports, release notes, official announcements.