Bug#345823: apt: Key error at year turnover resembles security problem, and may represent one
On Wednesday, 04.01.2006, 03:47 -0800, Edward Buck wrote:
xpost to #345823 and #316344
[..]
> I tried to download the new key from the above key server using the key
> id and found none.
>
> Also, 'apt-key update' gives one the impression that the problem is
> easily fixable but it leads to disappointment.
>
> # apt-key update
> ERROR: Can't find the archive-keyring
> Is the debian-keyring package installed?
>
> After installing debian-keyring, the same error occurs (presumably
> because of changed filenames?). I suspect the new public key is not in
> the debian-keyring package anyway.
Yes. It is more than a bit disappointing that this bug is still
unfixed. There are at least 6 or 7 open bug reports (the oldest with an
age of 188 days) talking about this problem.
So a question to the apt and debian-keyring maintainers: What about
- updating debian-role-keys.gpg to contain the 2006 archive key
- fixing apt-key to not try to read non-existing keyrings and instead
  read debian-role-keys.gpg
- instead of trying to remove all keys found in the non-existing
  debian-archive-removed-keys.gpg, remove all keys that are expired and
  found in debian-role-keys.gpg
- let apt-key update the keyring 1 month before the key expires (needs
  updating the debian-role-keys.gpg also one month before a role key
  expires)
OR
- add the missing /usr/share/keyrings/debian-archive-keyring.gpg
  and /usr/share/keyrings/debian-archive-removed-keys.gpg now
Are there concerns or objections?
Regards, Daniel
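
The expiry handling proposed in the message above (drop expired keys, refresh the keyring one month before a key expires) can be checked from `gpg --with-colons --list-keys` output. This is an added example, not part of the original message and not apt-key's code; the key IDs and sample listing are constructed, and `classify_keys` and `parse_expiry` are hypothetical helper names.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --with-colons --list-keys` output; key IDs are placeholders.
# On "pub" records field 5 is the key ID and field 7 the expiry date.
SAMPLE = """\
pub:e:1024:17:AAAAAAAAAAAA0001:1104537600:1136073600::-:::sc:
uid:e::::1104537600::X::Constructed Archive Key A:
pub:-:1024:17:AAAAAAAAAAAA0002:1104537600:1137801600::-:::scSC:
pub:-:1024:17:AAAAAAAAAAAA0003:1136073600:1167609600::-:::scSC:
pub:-:4096:1:AAAAAAAAAAAA0004:1136073600:::-:::scSC:
"""

def parse_expiry(field):
    """Field 7: empty (never expires), epoch seconds, or YYYY-MM-DD (old gpg)."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    return datetime.strptime(field, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def classify_keys(colon_output, now, warn_days=30):
    """Map each primary key ID to 'expired', 'expiring' or 'ok'."""
    status = {}
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 7:
            continue  # skip uid/sub records and malformed lines
        key_id, expiry = fields[4], parse_expiry(fields[6])
        if expiry is None:
            status[key_id] = "ok"        # key has no expiry date
        elif expiry <= now:
            status[key_id] = "expired"   # candidate for removal
        elif expiry - now <= timedelta(days=warn_days):
            status[key_id] = "expiring"  # replacement key should ship now
        else:
            status[key_id] = "ok"
    return status

if __name__ == "__main__":
    now = datetime(2006, 1, 4, tzinfo=timezone.utc)
    for key_id, state in classify_keys(SAMPLE, now).items():
        print(key_id, state)
```
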