Difference between debian-keyring and debian-archive-keyring?
Do I need both to install packages? What is the purpose of each of those?
Solution 1:
debian-archive-keyring
is the minimal collection of keys used for Debian Release files, it provides the keys that are used when signing stable releases and (security) updates.
This NNN-kilobyte-sized collection is sufficient to verify the officially signed archives. This package is important if you use Debian (or at least part of its package archives) yourself.
This package installs keys into the apt trust database and therefore directly impacts package installation. More information on how the security of apt works can be found in man 8 apt-secure
If your system is not Debian, but you are using it to install Debian (e.g via debootstrap), this package is helpful, as you can use the keys to verify packages from insecure media or connections.
debian-keyring
is a much larger collection of keys providing the keys of all Debian Developers, Maintainers, and some more role (non-personal) keys.
This NN-megabyte-sized collection is sufficient to verify that an individual package announcement was signed by someone who was at some point a Debian Developer or Maintainer.
This package does not change the apt trust db and therefore has no direct impact on package installation. It is meant to be configured manually to verify signatures.
A typical example for such signature can be found in the Debian source control files for the package debian-keyring itself. The file debian-keyring_2019.03.24.dsc
identifies the sources for version 2019.03.24 of that package. The file is signed by Jonathan McDowell, a long-standing Debian Developer. His key is part of the collection that package provides.
If you are not working with such files (if you are not testing or developing Debian Packages), this package is probably not useful to you. And even if you did, this package is only for your convenience, as the actual authoritative source for the data contained therein is the Debian Public Key Server.