severity 757533 normal thanks On Fri, Aug 08, 2014 at 07:41:11PM -0400, Michael Gilbert wrote: > The archive keyring package is currently signed by Philip Kern's old > removed key. > > Since this package contains the keys to archive, it really needs a > valid signature.
The key has neither been revoked nor compromised. It just cannot be used for new uploads nor to authenticate to Debian's systems. So I completely disagree with the inflated severity you laid out here (and potential MBFs). We will update the package with the new Jessie key soon, though, which should fix this issue as the package will need to be backported. Kind regards Philipp Kern
signature.asc
Description: Digital signature