Goswin von Brederlow wrote: > Except that apt-get fails if any of the signatures are unknown or > expired. So you still need both keys and not just one of them as you > intent.
No, that used to be apt's behavior, but since January apt and all other Release-verifying tools (debootstrap, net-retriever) have been satisfied to know only one key out of multiple signatures. -- see shy jo
signature.asc
Description: Digital signature
