Package: ftp.debian.org Severity: normal The buildd keyrings still contain buildd-alpha-keyring.gpg with the following long expire keys: | pub rsa4096 2012-03-02 [SC] [expired: 2013-03-02] | 34B00B428D69AE7B204816CFD3654A0DF4A26536 | uid [ expired] buildd autosigning key goedel <buildd_alpha-goe...@buildd.debian.org> | | pub rsa4096 2012-03-02 [SC] [expired: 2013-03-02] | A94E581D0235AC22CBF9958AA8562D3BC0C0867E | uid [ expired] buildd autosigning key goetz <buildd_alpha-go...@buildd.debian.org> Would it be possible to remove them? The same way the import keys for the armhf, ppc64el, arm64 and mips64el architectures are still in the corresponding keyrings: | pub rsa4096 2011-11-22 [SC] [expired: 2011-12-31] | 8653BF2B44BF17DDCB181C5E7EF63E5F38360647 | uid [ expired] armhf initial import key <steve-armhfimp...@einval.com> | | pub rsa4096 2014-08-17 [SC] [expired: 2014-12-15] | B2AB3FDD8427A6CFFB84AE01CF6AB78A75A792BE | uid [ expired] ppc64el initial import key <aure...@debian.org> | | pub rsa4096 2014-08-02 [SC] [expired: 2015-01-29] | EFD10F302F6DCA027E2EA4E05F4CD30A93EE9E49 | uid [ expired] Debian arm64 initial import temporary signing key <debian-...@lists.debian.org> | | pub rsa4096 2015-08-20 [SC] [expired: 2016-02-16] | 7890F2B458A1C440542B958770B8893FB71826BA | uid [ expired] mips64el initial import key <debian-m...@lists.debian.org> I doubt they are still useful, as all the packages signed with these keys have been rebuilt years ago. I guess we can just remove them.
