Bug#763419: apt ignoring check-valid-until flag
On Thu, Dec 17, 2020 at 10:03 AM Ansgar wrote:
> (Bonus points if this keeps the original signature if possible.)
Two separate signatures is possible for Release+Release.gpg, just
rename the latter to .old, but what can you do for InRelease? Is it
possible to have multiple signatures in one blob of signing data? Is
it possible to take an existing signature and add a second one to it?
Can the same thing be done for Release.gpg? Do apt, gpg and gpgv cope
with this sort of thing?