[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1028389: GPG keys for packages squid3, nginx and apache2 expired

On Tue, Jan 10, 2023 at 11:48:27AM +0100, Manuel Antonio Romero Caro wrote:
> Package: apt
> Version: 1.0.9.8.2
> X-Debbugs-CC:Marco.MINGHINI@ec.europa.eu,inspire.jrc@guadaltel.com
> 
> 
> Dear Debian maintainance team,
> 
> We are contacting you because when we are downloading certain packages to be
> installed, it appears the same debian-related issue related to the
> expiration of the GPG key in the repository.
> The traces obtained for the issue are the following:
> 
> RUN apt-get update; true
>  ---> Running in e87514d0208a
> Ign http://httpredir.debian.org jessie InRelease
> Get:1 http://security.debian.org jessie/updates InRelease [44.9 kB]
> Get:2 http://httpredir.debian.org jessie-updates InRelease [16.3 kB]
> Ign http://httpredir.debian.org jessie-backports InRelease
> Get:3 http://httpredir.debian.org jessie Release.gpg [1652 B]
> Ign http://httpredir.debian.org jessie-backports Release.gpg
> Get:4 http://httpredir.debian.org jessie Release [77.3 kB]
> Ign http://httpredir.debian.org jessie-backports Release
> Err http://httpredir.debian.org jessie-backports/main amd64 Packages
> 
> Err http://httpredir.debian.org jessie-backports/main amd64 Packages
> 
> Err http://httpredir.debian.org jessie-backports/main amd64 Packages
> 
> Err http://httpredir.debian.org jessie-backports/main amd64 Packages
> 
> Err http://httpredir.debian.org jessie-backports/main amd64 Packages
>   404  Not Found
> Ign http://security.debian.org jessie/updates InRelease
> Get:5 http://security.debian.org jessie/updates/main amd64 Packages [992 kB]
> Ign http://httpredir.debian.org jessie-updates InRelease
> Ign http://httpredir.debian.org jessie Release
> Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [20 B]
> Get:7 http://httpredir.debian.org jessie/main amd64 Packages [9098 kB]
> Fetched 10.2 MB in 2s (3980 kB/s)
> W: GPG error: http://security.debian.org jessie/updates InRelease: The
> following signatures were invalid: KEYEXPIRED 1668892417 The following
> signatures couldn't be verified because the public key is not available:
> NO_PUBKEY AA8E81B4331F7F50
> W: GPG error: http://httpredir.debian.org jessie-updates InRelease: The
> following signatures were invalid: KEYEXPIRED 1668891673
> W: GPG error: http://httpredir.debian.org jessie Release: The following
> signatures were invalid: KEYEXPIRED 1668891673
> W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie-backports/main/binary-amd64/Packages
> 404  Not Found
> 
> E: Some index files failed to download. They have been ignored, or old ones
> used instead.
> 
> This error make it impossible to install those packages in a normal way,
> cause they are unauthorized.
> 
> As we have determined, the cause of it are three expired keys which are
> related to the packages: squid3, nginx and apache2.
> 
> So, we are asking if you will extend the validity of these three
> certificates. And if that not the case, how can we proceed to solve this
> issue?

Also what do you think you're doing? jessie reached it's end of life
in 2018, and the long term support project ended in June 2020. Please
upgrade. That's ridiculous.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en
Reply to: