Re: APT public key updates?

On Mon, Jan 09, 2006 at 11:43:25AM -0500, Joey Hess wrote:
> > Perhaps "expiry" isn't exactly what we want -- it's possible we want an
> > archive key that will only verify Release files with a date earlier than
> > a given date; but will continue to do so for an extended period of time.
> Is it possible to implement that using gpg?

Not directly afaik. If you say "Archive Signing Key (Date <= 2006-05-01)"
apt could parse that from gpgv's output and perform the check itself, or add
a "The key used to sign these packages expired on 2006-05-01; if you obtained
this media after that date, you may have a problem. Continue (y/n): " warning.

I'm not sure off-hand what gpgv outputs in the case of an expired key; it might
be feasible to do the above already.
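
Added example, not part of the original message or of apt: a sketch of the check described above, reading the cutoff from the key's user ID in `gpgv --status-fd` output and comparing it with the Release file's Date field. The `GOODSIG` and `EXPKEYSIG` status keywords are GnuPG's; treating the UID text as machine-readable, the verdict strings, and the sample key ID and dates are assumptions made for illustration.

```python
import re
from datetime import date
from email.utils import parsedate_to_datetime

# UID convention taken from the message; parsing it this way is an assumption.
CUTOFF_RE = re.compile(r"\(Date <= (\d{4})-(\d{2})-(\d{2})\)")

def signatures(status_text):
    """Yield (status, keyid, uid) for good or expired-key signature lines."""
    for line in status_text.splitlines():
        parts = line.split(" ", 3)
        if (len(parts) == 4 and parts[0] == "[GNUPG:]"
                and parts[1] in ("GOODSIG", "EXPKEYSIG")):
            yield parts[1], parts[2], parts[3]

def release_date(release_text):
    """Return the date from the Release file's Date: field, or None."""
    for line in release_text.splitlines():
        if line.startswith("Date:"):
            return parsedate_to_datetime(line[5:].strip()).date()
    return None

def check(status_text, release_text):
    """Return 'ok', 'release-after-cutoff', 'expired-key', 'no-date'
    or 'no-signature'. One acceptable signature is enough."""
    verdict = "no-signature"
    for status, _keyid, uid in signatures(status_text):
        m = CUTOFF_RE.search(uid)
        if m is None:
            # No cutoff in the UID: fall back to gpgv's own verdict.
            result = "ok" if status == "GOODSIG" else "expired-key"
        else:
            signed_on = release_date(release_text)
            if signed_on is None:
                result = "no-date"
            elif signed_on <= date(*map(int, m.groups())):
                result = "ok"  # older Release files keep verifying
            else:
                result = "release-after-cutoff"
        if result == "ok":
            return "ok"
        verdict = result
    return verdict

# Constructed sample input: the key ID and dates are made up.
UID = "Archive Signing Key (Date <= 2006-05-01)"
GOOD = "[GNUPG:] GOODSIG 0123456789ABCDEF " + UID + "\n"
EXPIRED = "[GNUPG:] EXPKEYSIG 0123456789ABCDEF " + UID + "\n"
RELEASE_JAN = "Suite: unstable\nDate: Mon, 09 Jan 2006 20:05:12 UTC\n"
RELEASE_JUN = "Suite: unstable\nDate: Thu, 01 Jun 2006 20:05:12 UTC\n"
```

The Date field is only meaningful here because it sits inside the signed Release file, so it should be read after gpgv has reported on the signature, not before.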


