On Sun, Apr 26, 2015 at 09:34:00AM +0200, David Ayers wrote: > and congratulations on the release of Jessie! But I think im seeing > some unexpected side effects, at least from my point of view. > > This is the contents an sources.list of one of my squeeze systems:
... > an aptitude update currently produces: > W: There is no public key available for the following key IDs: > > 7638D0442B90D010 > W: There is no public key available for the following key IDs: > 7638D0442B90D010 > > This key seems to be a key relevant for Jessie release: > Debian Archive Automatic Signing Key (8/jessie) <ftpmas...@debian.org> > It is signed by the wheezy release key: > 46925553 2014-11-21 Debian Archive Automatic Signing Key (7.0/wheezy) > <ftpmas...@debian.org> > > So I'm assuming that this is legitimate and it would be safe to: > gpg -a --export 7638D0442B90D010|sudo apt-key add - > > But it would be nice if that wouldn't be necessary. > And it is unclear to me, why this key should be relevant for Squeeze. It's actually signed by both the wheezy key (46925553) and the jessie key (2B90D010); the latter is the one it's complaining about. At least on my squeeze system, the wheezy key is already in the apt trusted store (indeed, it was added to debian-archive-keyring in 2010.08.28+squeeze1). I assume that the intention was that systems with either the wheezy and/or jessie key would be able to verify the signature, but this doesn't seem to be the case, at least with the version of gpg/apt in squeeze. Perhaps the FTP-masters need to drop the jessie signature for squeeze-lts? CCing them for their comments (together with a big thank you for the release work yesterday!) Cheers, Dominic -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150426090356.gd5...@urchin.earth.li
