Your message dated Sat, 02 May 2009 19:54:46 +0000 with message-id <E1M0LIM-0005j3-RG@ries.debian.org> and subject line Bug#433091: fixed in apt 0.6.46.4-0.1+etch1 has caused the Debian Bug report #433091, regarding ignores expiry of archive keys to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ignores expiry of archive keys
- From: martin f krafft <madduck@debian.org>
- Date: Sat, 14 Jul 2007 13:29:41 +0200
- Message-id: <20070714112941.GA13373@piper.oerlikon.madduck.net>
Package: apt Version: 0.7.3 Severity: important If I update from an archive whose key recently expired and I have not yet updated the local copy via apt-key -- the local keyring says it's expired -- APT does not complain but just proceeds. I think it should *at least* warn. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2007.02.19-0.1 GnuPG archive keys of the Debian a ii libc6 2.6-2 GNU C Library: Shared libraries ii libgcc1 1:4.2-20070707-1 GCC support library ii libstdc++6 4.2-20070707-1 The GNU Standard C++ Library v3 apt recommends no packages. -- no debconf information -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systemsAttachment: signature.asc
Description: Digital signature (GPG/PGP)
--- End Message ---
--- Begin Message ---
- To: 433091-close@bugs.debian.org
- Subject: Bug#433091: fixed in apt 0.6.46.4-0.1+etch1
- From: Michael Vogt <mvo@debian.org>
- Date: Sat, 02 May 2009 19:54:46 +0000
- Message-id: <E1M0LIM-0005j3-RG@ries.debian.org>
Source: apt Source-Version: 0.6.46.4-0.1+etch1 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive: apt-doc_0.6.46.4-0.1+etch1_all.deb to pool/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb apt-utils_0.6.46.4-0.1+etch1_i386.deb to pool/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb apt_0.6.46.4-0.1+etch1.dsc to pool/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc apt_0.6.46.4-0.1+etch1.tar.gz to pool/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz apt_0.6.46.4-0.1+etch1_i386.deb to pool/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb to pool/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb to pool/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 433091@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt <mvo@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 19 Apr 2009 21:06:46 +0200 Source: apt Binary: apt-utils libapt-pkg-doc libapt-pkg-dev apt-doc apt Architecture: source all i386 Version: 0.6.46.4-0.1+etch1 Distribution: oldstable-security Urgency: high Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Closes: 433091 523213 Changes: apt (0.6.46.4-0.1+etch1) oldstable-security; urgency=high . * debian/apt.cron.daily: - fix possible DST timestap releated auto-update problem (CVE-2009-1300, closes: #523213) * methods/gpgv.cc: - properly check for expired and revoked keys (closes: #433091) Files: c631100edac082afe2dddb28030ed6ff 1108 admin important apt_0.6.46.4-0.1+etch1.dsc e6eaebb8a12f5243668ca56e65c8c71e 1798703 admin important apt_0.6.46.4-0.1+etch1.tar.gz 999f34683b7cb7818258ac1ebfca701c 89752 doc optional apt-doc_0.6.46.4-0.1+etch1_all.deb b91e59e2e1093ecbe387ccc7e8111d73 112248 doc optional libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb 73f115b27de4fdf11af97e2b5afca613 1438190 admin important apt_0.6.46.4-0.1+etch1_i386.deb 6aa9a63c060eb0461b66f67e35ed20c7 84166 libdevel optional libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb 7245c5ea84b1c4eefa816af20868a794 198392 admin important apt-utils_0.6.46.4-0.1+etch1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJ7ZDZAAoJECIIoQCMVaAcYgQH+wXRkiChxfmz1vuiqDe1yx/K a5T5c+zb/mrY1Q3M0zh/p0sB9xmE6XBC9c4UYEX3qLS/V0PJ4eND1DHyT8qBtm67 mB2G/+U0MDFB607l5vCIstSchgJP9XTLA7cdvTudQCgEihYhvXpySSzHNPcn+WHv Bb5fTvcERQ7zVfjFv2tySyn/y5dwssqf0dwm625NuYc75oD1eVHZ+vpX1WVMHI4K 795kdmDE7X0/vbg0P6CIZn4xRo1P/JLuhzZt1f7facB0mCLnHphHKhB2e7vBHECu OPqW9ryZsPDD34Zs/v0UPosYqFOwyrY8JMyJQog2/VljHqhAVB1/A4aZShLuwIw= =9jPa -----END PGP SIGNATURE-----
--- End Message ---