>FAQ, covered frequently in the past month here. See: > http://www.debian-administration.org/articles/174 >... though the answer you need is in the discussion: [...] >Note you need *both* the 2006 *and* 2005 keys.
I have everything correct from the beginning: # gpg --no-default-keyring --keyring trustedkeys.gpg --list-keys /root/.gnupg/trustedkeys.gpg ---------------------------- pub 1024D/276981F4 2004-12-24 [expires: 2008-01-06] uid Volatile woody/sarge Archive Key <[EMAIL PROTECTED]> uid Volatile Archive Key 2005 <[EMAIL PROTECTED]> pub 1024D/4F368D5D 2005-01-31 [expired: 2006-01-31)] uid Debian Archive Automatic Signing Key (2005) <[EMAIL PROTECTED]> pub 1024D/2D230C5F 2006-01-03 [expires: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) <[EMAIL PROTECTED]> So please, listen to me: the Sarge main archive is signed with an EXPIRED key. I know most of you use Etch or SID, but some people are actually trying to administrate safely and correctly Sarge servers. Will we need to wait for 3.1r2 or should i trust and expired key ? And if i should trust an expired key, why do they expire in the first place ? Again, if i'm not on the right list, please redirect me :-) TIA, Alexandre PS: # gpgv --keyring trustedkeys.gpg --status-fd 1 Release.gpg Release gpgv: Signature made Sat Dec 17 11:46:27 2005 CET using DSA key ID 4F368D5D [GNUPG:] KEYEXPIRED 1138684904 [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead [GNUPG:] SIG_ID /R7QWyOvlm8t3SJCcwo+j2bUiwI 2005-12-17 1134816387 [GNUPG:] EXPKEYSIG F1D53D8C4F368D5D Debian Archive Automatic Signing Key (2005) <[EMAIL PROTECTED]> gpgv: Good signature from "Debian Archive Automatic Signing Key (2005) <[EMAIL PROTECTED]>" [GNUPG:] VALIDSIG 4C7A8E5E9454FE3FAE1E78ADF1D53D8C4F368D5D 2005-12-17 1134816387 0 3 0 17 2 00 4C7A8E5E9454FE3FAE1E78ADF1D53D8C4F368D5D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
