Bug#948013: ftp.debian.org: please remove long expired keys from the buildd keyrings
Package: ftp.debian.org
Severity: normal
The buildd keyrings still contain buildd-alpha-keyring.gpg with the
following long expire keys:
| pub rsa4096 2012-03-02 [SC] [expired: 2013-03-02]
| 34B00B428D69AE7B204816CFD3654A0DF4A26536
| uid [ expired] buildd autosigning key goedel <buildd_alpha-goedel@buildd.debian.org>
|
| pub rsa4096 2012-03-02 [SC] [expired: 2013-03-02]
| A94E581D0235AC22CBF9958AA8562D3BC0C0867E
| uid [ expired] buildd autosigning key goetz <buildd_alpha-goetz@buildd.debian.org>
Would it be possible to remove them?
The same way the import keys for the armhf, ppc64el, arm64 and mips64el
architectures are still in the corresponding keyrings:
| pub rsa4096 2011-11-22 [SC] [expired: 2011-12-31]
| 8653BF2B44BF17DDCB181C5E7EF63E5F38360647
| uid [ expired] armhf initial import key <steve-armhfimport@einval.com>
|
| pub rsa4096 2014-08-17 [SC] [expired: 2014-12-15]
| B2AB3FDD8427A6CFFB84AE01CF6AB78A75A792BE
| uid [ expired] ppc64el initial import key <aurel32@debian.org>
|
| pub rsa4096 2014-08-02 [SC] [expired: 2015-01-29]
| EFD10F302F6DCA027E2EA4E05F4CD30A93EE9E49
| uid [ expired] Debian arm64 initial import temporary signing key <debian-arm@lists.debian.org>
|
| pub rsa4096 2015-08-20 [SC] [expired: 2016-02-16]
| 7890F2B458A1C440542B958770B8893FB71826BA
| uid [ expired] mips64el initial import key <debian-mips@lists.debian.org>
I doubt they are still useful, as all the packages signed with these
keys have been rebuilt years ago. I guess we can just remove them.
Reply to: