Bug#433091: ignores expiry of archive keys

To: 433091@bugs.debian.org
Subject: Bug#433091: ignores expiry of archive keys
From: martin f krafft <madduck@debian.org>
Date: Sun, 13 Jul 2008 23:55:58 +0200
Message-id: <[🔎] 20080713215558.GA15779@piper.oerlikon.madduck.net>
Reply-to: martin f krafft <madduck@debian.org>, 433091@bugs.debian.org
In-reply-to: <20070714112941.GA13373@piper.oerlikon.madduck.net>
References: <20070714112941.GA13373@piper.oerlikon.madduck.net>

severity 433091 critical
# justification: security; incomplete trust model
tags 433091 security
found 433091 0.6.46.4-0.1
thanks

also sprach martin f krafft <madduck@debian.org> [2007.07.14.1329 +0200]:
> If I update from an archive whose key recently expired and I have
> not yet updated the local copy via apt-key -- the local keyring says
> it's expired -- APT does not complain but just proceeds. I think it
> should *at least* warn.

For its first birthday, I am giving this bug report a severity
upgrade and a tag.

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Reply to:

Follow-Ups:
- Processed: Re: Bug#433091: ignores expiry of archive keys
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#433091: ignores expiry of archive keys
Next by Date: Bug#448743: autoremove build-deps
Previous by thread: Processed: severity of 271810 is wishlist
Next by thread: Processed: Re: Bug#433091: ignores expiry of archive keys
Index(es):
- Date
- Thread