On Mon, Jan 09, 2006 at 11:43:25AM -0500, Joey Hess wrote:
> > Perhaps "expiry" isn't exactly what we want -- it's possible we want an
> > archive key that will only verify Release files with a date earlier than
> > a given date; but will continue to do so for an extended period of time.
> Is it possible to implement that using gpg?

Not directly afaik. If you say "Archive Signing Key (Date <= 2006-05-01)" apt could parse that from gpgv's output and perform the check itself, or add a "The key used to sign these packages expired on 2006-05-01; if you obtained this media after that date, you may have a problem. Continue (y/n): " warning.

I'm not sure off-hand what gpgv outputs in the case of an expired key; it might be feasible to do the above already.

Cheers,
aj
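
The check sketched in the message above, as an added example that is not part of the original mail and is not apt's code. It assumes the `(Date <= YYYY-MM-DD)` UID convention from the message and reads gpgv's `--status-fd` lines, where `GOODSIG` marks a good signature and `EXPKEYSIG` a good signature made by an expired key. The function names, sample key ID, address and Release header are constructed for illustration.

```python
import re
from datetime import date
from email.utils import parsedate_to_datetime

# Constructed gpgv --status-fd line; the key ID and address are made up.
SAMPLE_STATUS = ("[GNUPG:] GOODSIG 0123456789ABCDEF "
                 "Archive Signing Key (Date <= 2006-05-01) <ftpmaster@example.org>\n")
# Constructed Release header; the Date field is covered by the signature.
SAMPLE_RELEASE = "Origin: Debian\nSuite: stable\nDate: Mon, 09 Jan 2006 20:14:32 UTC\n"

SIG_OK = re.compile(r"^\[GNUPG:\] (GOODSIG|EXPKEYSIG) [0-9A-F]+ (.*)$", re.M)
SIG_BAD = re.compile(r"^\[GNUPG:\] (BADSIG|ERRSIG|REVKEYSIG) ", re.M)
CUTOFF = re.compile(r"\(Date <= (\d{4})-(\d{2})-(\d{2})\)")

def release_date(release_text):
    """Return the date from the Release file's Date field."""
    for line in release_text.splitlines():
        if line.startswith("Date:"):
            return parsedate_to_datetime(line[5:].strip()).date()
    raise ValueError("Release file has no Date field")

def check_release(status_text, release_text, today):
    """Return (verdict, message); verdict is 'accept', 'warn' or 'reject'."""
    ok = SIG_OK.search(status_text)
    # Any bad, unverifiable or revoked-key signature fails closed.
    if SIG_BAD.search(status_text) or not ok:
        return "reject", "no usable signature on Release"
    kind, uid = ok.groups()
    cut = CUTOFF.search(uid)
    if not cut:
        # No date bound in the UID: fall back to gpgv's own expiry verdict.
        if kind == "EXPKEYSIG":
            return "reject", "signing key has expired"
        return "accept", "good signature"
    cutoff = date(*map(int, cut.groups()))
    signed = release_date(release_text)
    # The key only vouches for Release files dated on or before the cutoff.
    if signed > cutoff:
        return "reject", f"Release dated {signed} is after key cutoff {cutoff}"
    # Old media read after the cutoff: valid, but the user gets the warning.
    if today > cutoff:
        return "warn", (f"The key used to sign these packages expired on {cutoff}; "
                        "if you obtained this media after that date, you may have a problem.")
    return "accept", f"Release dated {signed} is within key cutoff {cutoff}"
```

The Release `Date` field is only trustworthy here because it sits inside the signed content, so the signature status is checked before the date is read.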