Yes the key expired, and I probably noticed first by virtue of living in
the future compared to everyone else.
We should be adding a new signing key each release for the next future
release, and ensuring it will endure for at least 2 future release.
This should be done immediately following a release.
This should be part of our "New Release - Devuan Devs guide to managing
the new release process." - if such a document should exist. (If it
doesn't maybe we should create it.)
Regards,
Daniel
On 5/09/22 19:53, Klaus Ethgen wrote:
> Hi,
>
> The reason seems to be that the key is expired.
>
> The mitigation might be difficult. But you might have the way to do so.
> Just sign the repository with the key
> 72E3CB773315DFA2E464743D94532124541922FB instead of
> E032601B7CA10BC3EA53FA81BB23C00C61FC752C.
>
> 72E3CB773315DFA2E464743D94532124541922FB is in
> /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg and never expire.
>
> After some months, just create a new key which never expire or expire
> far in the future and use that for the repository.
>
> Regards
> Klaus
>
>
> _______________________________________________
> devuan-dev internal mailing list
> devuan-dev@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-dev
--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722
::
[devuan-dev] bug#705: bug#705: Ackn…
