Oh nice, i'll check tomorrow or on Friday, thanks for this suggestion. Could help a lot with third parties repo using weak timestamp also.
On June 20, 2018 7:37:19 PM GMT+02:00, Don Armstrong <d...@debian.org> wrote: >On Tue, 19 Jun 2018, Adam Cecile wrote: >> On 06/19/2018 10:48 PM, Don Armstrong wrote: >> > On Tue, 19 Jun 2018, Adam Cecile wrote: >> > > That's a pity, don't you think so ? I think Debian should renew >the >> > > archive key, so we can still verify packages signatures. >> > You can still verify them. Key expiration doesn't make existing >> > signatures invalid. [Indeed, gpgv doesn't even check for expired >keys.] >> > >> With apt ? I had to set allowunauthenticated = 1 in apt.conf, >otherwise apt >> wouldn't install anything. > >Hrm; it looks like apt has its own internal version of gpgv which >actually tests the time. > >In theory, [allow-weak=yes] should work, but I haven't actually tested >this. > >-- >Don Armstrong https://www.donarmstrong.com > >You are educated when you have the ability to listen to almost >anything without losing your temper or self-confidence. > -- Robert Frost -- Sent from my Android device with K-9 Mail. Please excuse my brevity.