Hi folks, I am running a local mirror of the security.debian.org repository for in-house use. It seems to be available for Buster as well, except that there is an error message
ERROR: Condition '7638D0442B90D010' not fulfilled for '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease'. Signatures in '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease': '9D6D8F6BC857C906' (signed 2019-05-03): missing pubkey 'AA8E81B4331F7F50' (signed 2019-05-03): missing pubkey Error: Not enough signatures found for remote repository buster-security (http://security.debian.org buster/updates)! There have been errors! These keys are unknown on keyserver as well: # apt-key adv --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906 Executing: /tmp/apt-key-gpghome.VRpQHhUEoX/gpg.1.sh --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906 gpg: no valid OpenPGP data found. gpg: Total number processed: 0 # apt-key adv --keyserver keyring.debian.org --recv-keys AA8E81B4331F7F50 Executing: /tmp/apt-key-gpghome.HyHJegKO1w/gpg.1.sh --keyserver keyring.debian.org --recv-keys AA8E81B4331F7F50 gpg: no valid OpenPGP data found. gpg: Total number processed: 0 I understand that Buster is not released yet, but wouldn't you agree that it is unusual to sign InRelease without sharing the public key? Every helpful comment is highly appreciated Harri
