The message of Sunday, 4 September 2022 11:20:39 CEST says:
> Automatic updates require the key to be updated, but the package in
> point that should provide the updated key is outdated as well. So, it's a
> vicious circle that requires manual intervention via "dpkg -i", as Ludovic
> has pointed out.
I feared what you wrote, so it's a kind of second worst case scenario. We will
have some Devuan installations not getting updates any longer (1411
unattended-upgrades installed according to popcon and not all of these are
closely accompanied, I guess). At least Devuan should put a clearly visible
warning on the front page of https://devuan.org/ linked to a helping page, if
an automatic correction of the problem is impossible.
But, if I look at the list of installed keys, I see:
$ apt-key list
[...]
/etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
------------------------------------------------------
pub rsa2048 2014-12-02 [SC]
72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB
uid [ unknown] Devuan Repository (Primary Devuan signing key) <repository@???>
sub rsa2048 2014-12-02 [E]
sub rsa4096 2016-04-26 [S]
[...]
This key does not expire and it seems to be installed on beowulf and chimaera. Can
we just also sign the index file and the devuan-keyring package with this key
for a while? Would this help to get the new devuan-keyring package and thus to
fix the issue automatically?
Regards, Adrian.