:: [devuan-dev] bug#705: bug#705: Ackn…
Pàgina inicial
Delete this message
Reply to this message
Autor: Daniel Reurich
Data:  
A: Klaus Ethgen, 705, devuan developers internal list
Assumpte: [devuan-dev] bug#705: bug#705: Acknowledgement (Update failed due to an invalide signature)
Yes the key expired, and I probably noticed first by virtue of living in
the future compared to everyone else.

We should be adding a new signing key each release for the next future 
release, and ensuring it will endure for at least 2 future release. 
This should be done immediately following a release.

This should be part of our "New Release - Devuan Devs guide to managing 
the new release process." - if such a document should exist.  (If it 
doesn't maybe we should create it.)

Regards,
    Daniel

On 5/09/22 19:53, Klaus Ethgen wrote:

> Hi,
> 
> The reason seems to be that the key is expired.
> 
> The mitigation might be difficult. But you might have the way to do so.
> Just sign the repository with the key
> 72E3CB773315DFA2E464743D94532124541922FB instead of
> E032601B7CA10BC3EA53FA81BB23C00C61FC752C.
> 
> 72E3CB773315DFA2E464743D94532124541922FB is in
> /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg and never expire.
> 
> After some months, just create a new key which never expire or expire
> far in the future and use that for the repository.
> 
> Regards
>     Klaus
> 
> 
> _______________________________________________
> devuan-dev internal mailing list
> devuan-dev@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-dev



--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722