Re: Expired GPG keys of older release
- Date: Wed, 20 Jun 2018 09:53:11 +0200
- From: <tomas@xxxxxxxxxx>
- Subject: Re: Expired GPG keys of older release
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, Jun 20, 2018 at 09:43:03AM +0200, john doe wrote:
> As other as pointed out if the expiration date is not extended on
> the key your out of luck! :)
Yes, exactly. Keys *have* to expire at some point, and you can't
re-sign archived packages with a fresh key. Note that this will
happen to all "old" documents, not only Debian packages.
> One workaroungd could be:
> 1) Download all required packages
> 2) Verify the downloaded packages using 'gpg --verify'
> 3) Install the verified pkgs
> The best workaround would be to upgrade to Debian Stretch (6 to 7, 7
> to 8, 8 to 9)! :)
Yes, but there may be perfectly valid reasons to stick to an old
Debian: that's why they are available in the archives. One example
would be "old hardware".
> For sake of completeness:
> apt-key update - update keys using the keyring package
> apt-key net-update - update keys using the network
Yes, but that won't help in the above case. It's more of a "structural"
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----