-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jun 20, 2018 at 10:37:19AM -0700, Don Armstrong wrote:
[...] > Hrm; it looks like apt has its own internal version of gpgv which > actually tests the time. Ah, at last someone in the know :-) Thanks! > In theory, [allow-weak=yes] should work, but I haven't actually tested > this. Since it seems that an archived Debian release is bound to have an expired key, would you agree that it'd be useful to have an option to accept such a key? Cheers - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlsqqwQACgkQBcgs9XrR2kbwPQCdFeSmxtYo/49/Bprrvc0N2SdY l38AniWzwgA72Ej8X1GVE/MDIMHvBjVL =jbKR -----END PGP SIGNATURE-----