On Tue, Oct 24, 2017 at 11:45:57AM -0400, Fungal-net wrote:

[cut]

> > The repository is not updated and the previous index files will be used. GPG error: tor://devuanfwojg73k6r.onion/merged ascii InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY BB23C00C61FC752C

apt is telling you that you don'e have the key for that repo. You
must:

# apt-get update
# apt-get install devuan-keyring

because amprolla3 is using a new signing key, which has been included
in the latest devuan-keyring. This was actually explained in the
announcement to this list. I admit that we didn't announce the
transition to amprolla3 for the onion address. Sorry for that.

>
> I think I'm getting somewhere.
> The merged repositories will not update because the key is expired. One would have to revert to the /devuan/ update the keyring and re-edit the repositories with the new key to be able to upgrade.
> But what about proposed-updates, is this devuan or merged?

jessie-proposed           is under /devuan
jessie-proposed-updates   is under /devuan
experimental              is under /devuan

The rest is under /merges, if I have not missed something.

> I think there is proposed-security as well.
>
> The installation I normally use and was checked frequently didn't have the same problem as the ones that have been unattended for a month or two. Somehow it seems as the keyring was updated before the pkgmaster deal and that makes the difference.

That's because you need to install the latest devuan-keyring, as
explained above.

HTH

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]