Package: apt
Version: 1.8.0
I have this in my apt keyring:
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2015-06-11 [SC]
C35E B17E 1EAE 708E 6603 A9B3 AD05 92FE 47F0 DF61
uid [ unknown] matrix.org (Debian signing key) <packa...@matrix.org>
sub rsa4096 2015-06-11 [E]
But I know that that key has been revoked, and the revoked key is
in my keyring:
pub rsa4096/AD0592FE47F0DF61 2015-06-11 [SC] [revoked: 2019-04-12]
C35EB17E1EAE708E6603A9B3AD0592FE47F0DF61
uid [ revoked] matrix.org (Debian signing key)
<packa...@matrix.org>
But there doesn't seem to be any infrastructure to check that a
key is revoked other than manually updating it.
Kurt
