[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#948013: ftp.debian.org: please remove long expired keys from the buildd keyrings

Package: ftp.debian.org
Severity: normal

The buildd keyrings still contain buildd-alpha-keyring.gpg with the
following long expire keys:
| pub   rsa4096 2012-03-02 [SC] [expired: 2013-03-02]
|       34B00B428D69AE7B204816CFD3654A0DF4A26536
| uid           [ expired] buildd autosigning key goedel <buildd_alpha-goedel@buildd.debian.org>
| pub   rsa4096 2012-03-02 [SC] [expired: 2013-03-02]
|       A94E581D0235AC22CBF9958AA8562D3BC0C0867E
| uid           [ expired] buildd autosigning key goetz <buildd_alpha-goetz@buildd.debian.org>
Would it be possible to remove them?
The same way the import keys for the armhf, ppc64el, arm64 and mips64el
architectures are still in the corresponding keyrings:
| pub   rsa4096 2011-11-22 [SC] [expired: 2011-12-31]
|       8653BF2B44BF17DDCB181C5E7EF63E5F38360647
| uid           [ expired] armhf initial import key <steve-armhfimport@einval.com>
| pub   rsa4096 2014-08-17 [SC] [expired: 2014-12-15]
|       B2AB3FDD8427A6CFFB84AE01CF6AB78A75A792BE
| uid           [ expired] ppc64el initial import key <aurel32@debian.org>
| pub   rsa4096 2014-08-02 [SC] [expired: 2015-01-29]
|       EFD10F302F6DCA027E2EA4E05F4CD30A93EE9E49
| uid           [ expired] Debian arm64 initial import temporary signing key <debian-arm@lists.debian.org>
| pub   rsa4096 2015-08-20 [SC] [expired: 2016-02-16]
|       7890F2B458A1C440542B958770B8893FB71826BA
| uid           [ expired] mips64el initial import key <debian-mips@lists.debian.org>
I doubt they are still useful, as all the packages signed with these
keys have been rebuilt years ago. I guess we can just remove them.

Reply to: