Bug#1003865: marked as done (GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) )

[Debian Bug Tracking System]

Your message dated Tue, 18 Jan 2022 18:53:06 +0000
with message-id 
<582900164cd11084efccf10192631e502d140cfb.ca...@adam-barratt.org.uk>
and subject line Re: Bug#1003865: GPG error: http://deb.debian.org/debian sid 
InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 
Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org>
has caused the Debian Bug report #1003865,
regarding GPG error: http://deb.debian.org/debian sid InRelease: The following 
signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic 
Signing Key (10/buster) <ftpmas...@debian.org>
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1003865: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003865
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: debian-archive-keyring
Version: 2021.1.1
Severity: grave
Justification: this breaks updating any package

On Debian sid, apt update is broken for some days now

$ sudo apt update
Get:1 http://deb.debian.org/debian sid InRelease [165 kB]
Err:1 http://deb.debian.org/debian sid InRelease

The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org>

Get:2 http://deb.debian.org/debian experimental InRelease [75.4 kB]
Err:2 http://deb.debian.org/debian experimental InRelease

The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org>

Hit:3 https://packages.riot.im/debian sid InRelease
Hit:4 https://people.debian.org/~praveen/nheko unstable InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1369 packages can be upgraded. Run 'apt list --upgradable' to see them.

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian sid InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org> W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian experimental InRelease: The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org> W: Failed to fetch http://deb.debian.org/debian/dists/sid/InRelease The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org> W: Failed to fetch http://deb.debian.org/debian/dists/experimental/InRelease The following signatures were invalid: BADSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org> W: Some index files failed to download. They have been ignored, or old ones used instead.
--- End Message ---

--- Begin Message ---

Control: tags -1 + moreinfo unreproducible

On Mon, 2022-01-17 at 13:34 +0530, Pirate Praveen wrote:
> Package: debian-archive-keyring
> Version: 2021.1.1
> Severity: grave
> Justification: this breaks updating any package
> 
> On Debian sid, apt update is broken for some days now
> 
> $ sudo apt update
> Get:1 http://deb.debian.org/debian sid InRelease [165 kB]
> Err:1 http://deb.debian.org/debian sid InRelease
>   The following signatures were invalid: BADSIG 648ACFD622F3D138
> Debian 
> Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org>
> Get:2 http://deb.debian.org/debian experimental InRelease [75.4 kB]
> Err:2 http://deb.debian.org/debian experimental InRelease
>   The following signatures were invalid: BADSIG 648ACFD622F3D138
> Debian 
> Archive Automatic Signing Key (10/buster) <ftpmas...@debian.org>

Based on the fact that autobuilding of unstable is still continuing and
there haven't been any reports of this issue on either #d-devel or 
debian-devel@lists, it seems unlikely that there's a general issue
here, rather than something more local to your environment.

In any case, if there were an issue, it would either be with the
archive itself (which is ftp.d.o territory) or with deb.d.o (which is
mirror team / DSA territory), not with either debian-archive-keyring
(which simply ships the public keys) or APT.

Regards,

Adam

--- End Message ---