"missing pubkey" for buster-security

To: debian-user@lists.debian.org
Subject: "missing pubkey" for buster-security
From: Harald Dunkel <harald.dunkel@aixigo.de>
Date: Mon, 6 May 2019 07:58:11 +0200
Message-id: <[🔎] 42b8d63e-8ca7-1754-40a1-95a85e1f7004@aixigo.de>

Hi folks,

I am running a local mirror of the security.debian.org
repository for in-house use. It seems to be available for
Buster as well, except that there is an error message

ERROR: Condition '7638D0442B90D010' not fulfilled for '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease'.
Signatures in '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease':
'9D6D8F6BC857C906' (signed 2019-05-03): missing pubkey
'AA8E81B4331F7F50' (signed 2019-05-03): missing pubkey
Error: Not enough signatures found for remote repository buster-security (http://security.debian.org buster/updates)!
There have been errors!


These keys are unknown on keyserver as well:

# apt-key adv --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
Executing: /tmp/apt-key-gpghome.VRpQHhUEoX/gpg.1.sh --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
# apt-key adv --keyserver keyring.debian.org --recv-keys AA8E81B4331F7F50
Executing: /tmp/apt-key-gpghome.HyHJegKO1w/gpg.1.sh --keyserver keyring.debian.org --recv-keys AA8E81B4331F7F50
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


I understand that Buster is not released yet, but wouldn't you
agree that it is unusual to sign InRelease without sharing the
public key?


Every helpful comment is highly appreciated
Harri

Reply to:

Follow-Ups:
- Re: "missing pubkey" for buster-security
  - From: Ansgar Burchardt <"Ansgar Burchardt"@43-1.org>

Prev by Date: Re: next amd64 stretch problem
Next by Date: Re: "missing pubkey" for buster-security
Previous by thread: Re: next amd64 stretch problem
Next by thread: Re: "missing pubkey" for buster-security
Index(es):
- Date
- Thread