Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key

To: Jeroen Diederen <jjhdiederen@zonnet.nl>
Cc: PowerPC List Debian <debian-powerpc@lists.debian.org>
Subject: Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
From: Jeffrey Walton <noloader@gmail.com>
Date: Tue, 23 Jun 2020 03:56:16 -0400
Message-id: <[🔎] CAH8yC8nHZkbTZta3KV1FxvqLQAtDMdCuAnDbfcY4chENTiq4yQ@mail.gmail.com>
Reply-to: noloader@gmail.com
In-reply-to: <[🔎] f06dc8c73ae67a7c9d0dbc94f189fea1@zonnet.nl>
References: <[🔎] 07573d55-f76d-4395-89e4-074fbda601b2@www.fastmail.com> <[🔎] 5fc03ea99d29a7c032ff346865c1f97e@zonnet.nl> <[🔎] 7633d07cbfac010254905442b9c9fd43@zonnet.nl> <[🔎] 99b1422d-7672-43a3-a3b4-1104bbc9aae1@www.fastmail.com> <[🔎] f06dc8c73ae67a7c9d0dbc94f189fea1@zonnet.nl>

On Tue, Jun 23, 2020 at 2:30 AM Jeroen Diederen <jjhdiederen@zonnet.nl> wrote:
>
> You might also want to try this:
> https://linux-audit.com/how-to-solve-an-expired-key-keyexpired-with-apt/
> https://futurestud.io/tutorials/fix-ubuntu-debian-apt-get-keyexpired-the-following-signatures-were-invalid
> https://www.reddit.com/r/debian/comments/g9is3p/debian_8_jessie_keyexpired_drive_my_crazy/

Off-topic, this is just plain wrong: "This is a good thing, to warn us
that we should be checking the repository. With an expired key, the
solution is simple: we need to download an updated key."

A signature applied during a valid key period is still good. For those
following a key rotation scheme, no new signatures should occur after
the key expires.

But in the big Security Engineering picture, what we've found in
practice is, key continuity is better then key rotation. As long as
the key does not change unexpectedly, then the key is good.

Peter Gutmann covers all of this stuff in his book Engineering
Security (https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf). I
wish the maintainers of Apt would read it and stop wasting our time
with these keys due to broken policies.

Jeff

Reply to:

Follow-Ups:
- Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: Frank Scheiner <frank.scheiner@web.de>

References:
- Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: "Rick Thomas" <rick.thomas@pobox.com>
- Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: Jeroen Diederen <jjhdiederen@zonnet.nl>
- Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: Jeroen Diederen <jjhdiederen@zonnet.nl>
- Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: "Rick Thomas" <rick.thomas@pobox.com>
- Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
  - From: Jeroen Diederen <jjhdiederen@zonnet.nl>

Prev by Date: Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
Next by Date: Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
Previous by thread: Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
Next by thread: Re: Installing Jessie on PowerMac G4 (32 bit) -- expired key
Index(es):
- Date
- Thread