[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Expired GPG keys of older release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jun 20, 2018 at 09:43:03AM +0200, john doe wrote:

[...]

> As other as pointed out if the expiration date is not extended on
> the key your out of luck! :)
> 
> https://www.debian.org/News/2011/20110209

Yes, exactly. Keys *have* to expire at some point, and you can't
re-sign archived packages with a fresh key. Note that this will
happen to all "old" documents, not only Debian packages.

> One workaroungd could be:
> 1)   Download all required packages
> 2)  Verify the downloaded packages using 'gpg --verify'
> 3)  Install the verified pkgs
> 
> The best workaround would be to upgrade to Debian Stretch (6 to 7, 7
> to 8, 8 to 9)! :)

Yes, but there may be perfectly valid reasons to stick to an old
Debian: that's why they are available in the archives. One example
would be "old hardware".

> For sake of completeness:
>   apt-key update              - update keys using the keyring package
>   apt-key net-update          - update keys using the network

Yes, but that won't help in the above case. It's more of a "structural"
problem.

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlsqB+cACgkQBcgs9XrR2ka90ACff8t+OZV4/2kc/4b4WyAT1eDV
rzIAn34J0aj3Ye5IGS5EgCjmmy5pCm9U
=4R0W
-----END PGP SIGNATURE-----
Reply to: