https://bugs.winehq.org/show_bug.cgi?id=53356
--- Comment #5 from Ulf Zibis Ulf.Zibis@gmx.de --- Malicious software, without needing root privileges, could modify the files: - /usr/share/keyrings/winehq-archive.key - /etc/apt/sources.list.d/winehq-jammy.sources Then, as the result of the next automatic update, the original WineHQ binaries could be replaced by malicious binaries.
Why do we use security keys at all, when they are not secure from modification?
Why not do it correct in the first place, than hoping for the user to correct the owner and rights with chowm and chmod?
Anyway, it does not make sense to have user owned files in root owned directories, so all files in /etc/apt/sources.list.d/ and /usr/share/keyrings/ should be: root root rw-r--r-- and not: user user rw-rw-r--
"That doesn't prevent the user with sudo privilege to change the files any way they want."
But it prevents users WITHOUT sudo privilege to do that. On multi-user systems, normal users do not have such privileges for a good reason.