[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
In case anyone else is seeing this during dist-upgrade and wondering what on earth they are doing: ... Reading package lists... Done W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.torproject.org trusty InRelease: The following signatures were invalid: KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 KEYEXPIRED 1409325681 W: Failed to fetch http://deb.torproject.org/torproject.org/dists/trusty/InRelease ghost@failbot:~$ gpg -v --list-keys | head -n 5 gpg: using PGP trust model gpg: NOTE: signature key 219EC810 expired Fri 29 Aug 2014 16:21:21 BST /home/ghost/.gnupg/pubring.gpg ------------------------------ pub 2048R/886DDD89 2009-09-04 [expires: 2016-08-28] uid deb.torproject.org archive signing key sub 2048R/219EC810 2009-09-04 [expired: 2014-08-29] Yes, they let their GPG signing key expire *again* - this is not the first time they've done this either. I have the greatest respect for all the work the Tor team have done but their packager really needs to pull their finger out: it's not like an automated check would be trivial to arrange or anything... *rolls eyes* Hell, he could even have stuck a post-it to his noteboard or something, this is as stupid as forgetting to renew your domain or SSL certs and then looking like a moron on the entire internet. According to https://trac.torproject.org/projects/tor/ticket/12994 they hopefully will get around to fixing it "Sundayish". Regards -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq