[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB Debian Ports Archive Automatic Signing Key (2021)

On Thu, Feb 10, 2022 at 11:09 AM Philipp Klaus Krause <pkk@spth.de> wrote:
>
> I just downloaded debian-hurd-20210812.img, and started it in kvm.
> apt-get update then failed:
> ...
> Get:3 http://snapshot.debian.org/archive/debian/20210812T100000Z sid
> InRelease [165 kB]
> Err:1 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z
> sid InRelease
>    The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB
> Debian Ports Archive Automatic Signing Key (2021)
> <ftpmaster@ports-master.debian.org>

You might consider filing a bug against Debian or Apt. There's no such
thing as an expired signature.

For those who desire a key to have attributes, either (1) the key was
valid at the time and applied the signature or (2) the key was not
valid.
 A valid signature does not transition to invalid after the signature
has been applied.

The only way to invalidate signatures is to revoke the key. There's no
reason to revoke the key here.

This is just more Debian key mismanagement. They have a chronic problem.

Jeff
Reply to: