Re: Expired GPG keys of older release
- Date: Tue, 19 Jun 2018 22:55:30 +0200
- From: Adam Cecile <adam.cecile@xxxxxxxx>
- Subject: Re: Expired GPG keys of older release
On 06/19/2018 10:48 PM, Don Armstrong wrote:
With apt ? I had to set allowunauthenticated = 1 in apt.conf, otherwise
apt wouldn't install anything.
On Tue, 19 Jun 2018, Adam Cecile wrote:
That's a pity, don't you think so ? I think Debian should renew the
archive key, so we can still verify packages signatures.
You can still verify them. Key expiration doesn't make existing
signatures invalid. [Indeed, gpgv doesn't even check for expired keys.]