(Subject was: SOLVED - aka How to quickly override 'apt-get update' gpg repo check - was - local (old) sid repo - manually updating Release date ?)
On 7/13/13, Zenaan Harkness <z...@freedbms.net> wrote: > On 7/13/13, Zenaan Harkness <z...@freedbms.net> wrote: > ... >> Anyone know what's changed, that is stopping me from temporarily >> ignoring the out of date Release file in my local repo, and/ or how to >> get around this problem, since my previous workaround no longer works? >> >> Very much looking forward to a fix that does _not_ involve changing my >> system date! > > The following appears that it might have worked: > > cd /public/debian/debian/dists/sid/ > mv Release.gpg Release.gpg.old > ... Unfortunately, this works with the side effect of eliminating package gpg checks, eg: --- apt-get install zfs-fuse ... WARNING: The following packages cannot be authenticated! zfs-fuse Install these packages without verification [y/N]? --- So we users must say yes, ignore verification, if we want to install a package. However the signature for the package should surely still be verifiable! Is there a way to do a repo-wide re-signing to create a locally signed repo with say a 5-yr expiry? Is there a way to avoid a repo-wide re-signing, and still have the packages mirrored from two weeks+ ago, be verified by gpg? (We currently run 7 computers at three addresses off of our local mirror (rural users we) and various VMs, and I simply cannot resync the mirror (sneakerneted) drives frequently enough to avoid the problem of this gpg verification situation we're in.) TIA Zenaan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOsGNSQ0QF=z81kaizjv6i+5heah1pus+itqjwa6rdoisnp...@mail.gmail.com
