Impossible to verify GPG signature on Debian Release file
Hi,
I'm trying to verify the Debian's Release file but to no avail:
$gpg --keyserver keyring.debian.org --keyserve
r-options auto-key-retrieve --verify Release.gpg Release
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpg: requesting key 0x648ACFD622F3D138 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpg: requesting key 0x0E98404D386FA1D9 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:49:02 AM Romance Daylight Time
gpg: using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpg: issuer "debian-release@lists.debian.org"
gpg: requesting key 0x605C66F00D6C9793 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
$ gpg --locate-keys debian-release@lists.debian
.org
gpg: error retrieving 'debian-release@lists.debian.org' via WKD:
Certificate exp
ired
gpg: error reading key: Certificate expired
The Release file and signature file are downloaded from (1) and (2).
It looks like some keys are missing from the Debian keyring.
1) http://ftp.debian.org/debian/dists/stable/Release
2) http://ftp.debian.org/debian/dists/stable/Release.gpg
--
John Doe
Reply to: