On Thu, Feb 10, 2022 at 11:09 AM Philipp Klaus Krause <p...@spth.de> wrote: > > I just downloaded debian-hurd-20210812.img, and started it in kvm. > apt-get update then failed: > ... > Get:3 http://snapshot.debian.org/archive/debian/20210812T100000Z sid > InRelease [165 kB] > Err:1 http://snapshot.debian.org/archive/debian-ports/20210812T100000Z > sid InRelease > The following signatures were invalid: EXPKEYSIG 5A88D659DCB811BB > Debian Ports Archive Automatic Signing Key (2021) > <ftpmas...@ports-master.debian.org>
You might consider filing a bug against Debian or Apt. There's no such thing as an expired signature. For those who desire a key to have attributes, either (1) the key was valid at the time and applied the signature or (2) the key was not valid. A valid signature does not transition to invalid after the signature has been applied. The only way to invalidate signatures is to revoke the key. There's no reason to revoke the key here. This is just more Debian key mismanagement. They have a chronic problem. Jeff