Web lists-archives.com

Re: Expired GPG keys of older release




Again, this is aim to disable Release timestamp validation, not related to gpg :/

On June 20, 2018 7:04:33 PM GMT+02:00, Curt <curty@xxxxxxx> wrote:
On 2018-06-20, <tomas@xxxxxxxxxx> <tomas@xxxxxxxxxx> wrote:

On Wed, Jun 20, 2018 at 02:27:24PM +0200, Adam Cecile wrote:

[...]

I still thinks it *sucks* to have no alternative then considering
packages signed by an expired key like unsigned packages....

That was my impression too: there should be a separate option for
"yes, I know the key is expired". Perhaps you can bring it up in
debian-devel or on the APT mailing list (https://lists.debian.org/deity/),
to see if they recommend filing a bug?

Cheers
- -- tomás



What does this do?

-o Acquire::Check-Valid-Until=false update




--
Sent from my Android device with K-9 Mail. Please excuse my brevity.