Hi, On Fri, Apr 11, 2025 at 09:51:14AM +0100, Jonathan Wiltshire wrote: > +debian-archive-keyring (2023.3+deb12u2) bookworm; urgency=medium > + > + * Remove buster keys
this broke my "dumat" installation. Now it might be argued that this is a bug in dumat, but maybe other things also rely on the keys. Specifically, dumat exploded when checking the bullseye-security (!) InRelease file as published on deb.debian.org. JFTR, dumat calls gpgv for the check: gpgv --quiet --weak-digest SHA1 --output --keyring ... and then uses the return code to check for success. From what I read recently in gpg bug reports, this might not be a robust implementation. Nevertheless it worked so far. I'm not saying the dumat breakage is a 100% reason to not drop the buster keys, but it's a datapoint for further consideration. Best, Chris
