Oh nice, i'll check tomorrow or on Friday, thanks for this suggestion. Could 
help a lot with third parties repo using weak timestamp also.

On June 20, 2018 7:37:19 PM GMT+02:00, Don Armstrong <d...@debian.org> wrote:
>On Tue, 19 Jun 2018, Adam Cecile wrote:
>> On 06/19/2018 10:48 PM, Don Armstrong wrote:
>> > On Tue, 19 Jun 2018, Adam Cecile wrote:
>> > > That's a pity, don't you think so ? I think Debian should renew
>the
>> > > archive key, so we can still verify packages signatures.
>> > You can still verify them. Key expiration doesn't make existing
>> > signatures invalid. [Indeed, gpgv doesn't even check for expired
>keys.]
>> > 
>> With apt ? I had to set allowunauthenticated = 1 in apt.conf,
>otherwise apt
>> wouldn't install anything.
>
>Hrm; it looks like apt has its own internal version of gpgv which
>actually tests the time.
>
>In theory, [allow-weak=yes] should work, but I haven't actually tested
>this.
>
>-- 
>Don Armstrong                      https://www.donarmstrong.com
>
>You are educated when you have the ability to listen to almost
>anything without losing your temper or self-confidence.
> -- Robert Frost

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Reply via email to