[R-sig-Debian] signing key of repo expired -- tangential question

J C Nash pro|jcn@@h @end|ng |rom gm@||@com
Tue Nov 16 15:29:34 CET 2021


I've seen several issues like this with "private" repositories or
sections thereof. Is there a reasonable way to set things up so keys
or access is shared across several people or held in an organizational
escrow? I think there is general good will on the part of most people
contributing, but things happen in life, and the collective can be
inconvenienced.

Best,

JN


On 2021-11-16 8:28 a.m., Johannes Ranke wrote:
> Hi all,
> 
> sorry to all users of the CRAN Debian backports for the inconvenience caused
> by the expiration of my signing key.
> 
> I have created a new key and uploaded it to keyserver.ubuntu.com, and signed
> the buster40 and bullseye40 repositories with it. The repos signed with the
> new key will be available to all users of the CRAN Debian archive as soon as
> the synchronisation has taken place.
> 
> Kind regards,
> 
> Johannes
> 
> P.S.: Unfortunately I could not change the key expiration of the old key, as I
> have lost the passphrase of the corresponding master key. For the same reason,
> the new key is not signed with the old one.
> 
> On Tuesday, 16 November 2021, 14:18:06 CET, Dirk Eddelbuettel wrote:
>> On 16 November 2021 at 12:08, bodo riediger-klaus wrote:
>> | Hello,
>> |
>> | I get a key-expired message when I try to update my repository
>> |
>> | root@merlot:/etc/apt/sources.list.d# cat rbase-stable.list
>> | deb http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian buster-cran40/
>> |
>> |
>> | W: GPG-Fehler: http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian
>> | buster-cran40/ InRelease: Die folgenden Signaturen waren ungültig:
>> | EXPKEYSIG FCAE2A0E115C3D8A Johannes Ranke (Wissenschaftlicher Berater)
>> | <johannes.ranke using jrwb.de>
>>
>> As it is the personal key of Johannes, only Johannes (CC'ed) can fix it.
>> It is my understanding that he has been contacted, but as we had not said so
>> on the list it is good to have it here too.
>>
>> Dirk
>>
>> | As you can see on
>> |
>> | https://keyserver.ubuntu.com/pks/lookup?search=0xE19F5F87128899B192B1A2C2AD5F960A256A04AF&fingerprint=on&op=index
>> |
>> | there are two Expired Sub-Keys:
>> |
>> | sub rsa3072/5bc121cfdc61bdae03062260af83ce117fbb4c22
>> | 2016-11-15T20:12:04Z
>> | sig sbind ad5f960a256a04af 2016-11-15T20:12:04Z ____________________
>> | 2021-11-14T18:17:46Z []
>> |
>> | sub rsa3072/ad7b5162ba456be3526f8d92fcae2a0e115c3d8a
>> | 2016-11-15T19:58:24Z
>> | sig sbind ad5f960a256a04af 2016-11-15T19:58:24Z ____________________
>> | 2021-11-14T18:17:46Z []
>> |
>> |
>> | greetings, bodo
>> |
>> | --
>> | R.-Bodo Riediger-Klaus     IT-Dienst FB MI Freie Universität Berlin
>> | bodo.riediger-klaus using fu-berlin.de Takustr.9 R.038 Fon: 030 838 75175
>> |
>> | _______________________________________________
>> | R-SIG-Debian mailing list
>> | R-SIG-Debian using r-project.org
>> | https://stat.ethz.ch/mailman/listinfo/r-sig-debian
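Added example, not part of the original thread or of the CRAN Debian tooling: a check that flags signing-capable keys before apt starts reporting EXPKEYSIG, run over text in the layout of `gpg --list-keys --with-colons`. The key IDs and subkey dates are taken from the keyserver listing quoted above; the capability letters and the primary key's dates in the sample are assumptions.

```python
from datetime import datetime, timezone

def _epoch(iso):
    """UTC ISO timestamp -> epoch seconds, as gpg prints with --with-colons."""
    return int(datetime.fromisoformat(iso).replace(tzinfo=timezone.utc).timestamp())

# Constructed sample in `gpg --list-keys --with-colons` layout. Key IDs and the
# subkey dates come from the keyserver listing quoted in the thread; the
# capability letters (field 12) and the primary key's dates are assumptions.
SAMPLE = "\n".join([
    f"pub:-:3072:1:AD5F960A256A04AF:{_epoch('2016-11-15T19:58:24')}:::-:::scESC:",
    f"sub:-:3072:1:FCAE2A0E115C3D8A:{_epoch('2016-11-15T19:58:24')}:"
    f"{_epoch('2021-11-14T18:17:46')}:::::s:",
    f"sub:-:3072:1:AF83CE117FBB4C22:{_epoch('2016-11-15T20:12:04')}:"
    f"{_epoch('2021-11-14T18:17:46')}:::::e:",
])

def _when(value):
    """Field 7 is epoch seconds, or YYYYMMDDTHHMMSS in some gpg configurations."""
    if "T" in value:
        return datetime.strptime(value, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(value), tz=timezone.utc)

def signing_key_expiry(colons, now, warn_days=60):
    """Return (keyid, status, days_left) for signing-capable keys that have
    expired or will expire within warn_days of `now`."""
    findings = []
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        if "s" not in f[11] or not f[6]:  # cannot sign, or never expires
            continue
        days_left = (_when(f[6]) - now).days
        if days_left < 0:
            findings.append((f[4], "expired", days_left))
        elif days_left <= warn_days:
            findings.append((f[4], "expiring", days_left))
    return findings

if __name__ == "__main__":
    today = datetime(2021, 11, 16, tzinfo=timezone.utc)  # date of this thread
    for keyid, status, days in signing_key_expiry(SAMPLE, today):
        print(f"{keyid}: {status} ({days} days)")
```

Run from a scheduled job that more than one maintainer receives mail from, the same check gives the group notice while the key can still be extended.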