Package: debmirror
Version: 1:2.25
Severity: normal

Dear Maintainer,
Bad me - I'm deliberately raising this bug against the wrong package. My Google fu has been too weak to determine how to report problems with the archive. Colin's always been so helpful in the past. I'm sorry for abusing his kindness. Hopefully he can steer this in the right direction without any great effort.

A few days ago, our local mirror started producing these messages:

[ 0%] Getting: dists/wheezy-proposed-updates/Release.gpg... ok
[GNUPG:] BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>"
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>"
.temp/.tmp/dists/wheezy-proposed-updates/Release.gpg signature does not verify.

Manual verification showed that the file really does fail verification. Manual downloading showed that it was downloaded correctly.

Looking at some approximation to the ultimate upstream:

http://ftp.debian.org/debian/dists/wheezy-proposed-updates/

I see the time on the .gpg file is almost six hours before the time on the file being signed. I guess the signature is out-of-date then.

I'm being spammed every day by some code alleging a potential security issue. I've just realized that the code scraping the debmirror log to do that is a local invention. That might explain why I couldn't find an existing report of this issue. Perhaps it's unimportant but I thought I should raise it somewhere.

-- System Information:
Debian Release: 7.3
  APT prefers oldstable-updates
  APT policy: (990, 'oldstable-updates'), (990, 'oldstable'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages debmirror depends on:
ii  bzip2                         1.0.6-4
pn  libdigest-md5-perl            <none>
ii  liblockfile-simple-perl       0.208-1
ii  libnet-inet6glue-perl         0.5-1
ii  libwww-perl                   6.04-1
ii  perl [libdigest-sha-perl]     5.14.2-21+deb7u2
ii  perl-modules [libnet-perl]    5.14.2-21+deb7u2
ii  rsync                         3.0.9-4

Versions of packages debmirror recommends:
ii  ed     1.6-2
ii  gpgv   1.4.12-7+deb7u3
ii  patch  2.6.1-3

Versions of packages debmirror suggests:
ii  gnupg  1.4.12-7+deb7u3

-- debconf-show failed
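
The report mentions a local script that scrapes the debmirror log for these messages. The following is an added example of such a scan, not the reporter's script and not part of debmirror: it groups gpgv status lines under the file being fetched and reports each failure once, even when gpgv repeats it. The sample log is constructed from the lines quoted above, and the names `scan` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Constructed sample, modelled on the debmirror/gpgv lines quoted in the report.
SAMPLE_LOG = """\
[  0%] Getting: dists/wheezy/Release.gpg... ok
[GNUPG:] GOODSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy)
[  0%] Getting: dists/wheezy-proposed-updates/Release.gpg... ok
[GNUPG:] BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy)
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy)"
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy)"
.temp/.tmp/dists/wheezy-proposed-updates/Release.gpg signature does not verify.
"""

GETTING = re.compile(r"Getting: (\S+?)\.\.\.")
STATUS = re.compile(r"^\[GNUPG:\] ([A-Z_]+) ([0-9A-F]{16,40})\b")
MADE = re.compile(r"^gpgv: Signature made (.+) using \S+ key ID ([0-9A-F]{8,16})$")
# GnuPG status keywords that mean the signature cannot be trusted.
FAILURES = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def scan(log):
    """Return one finding per (file, status, key) seen in the log text."""
    findings = {}
    current = None  # file named by the most recent "Getting:" line
    for line in log.splitlines():
        line = line.strip()
        m = GETTING.search(line)
        if m:
            current = m.group(1)
            continue
        m = STATUS.match(line)
        if m and m.group(1) in FAILURES:
            status, key = m.groups()
            findings.setdefault((current, status, key), {
                "file": current, "status": status, "key": key, "signed": None})
            continue
        m = MADE.match(line)
        if m:
            when, short_id = m.groups()
            for f in findings.values():
                # The short key ID is the tail of the long ID in the status line.
                if f["file"] == current and f["key"].endswith(short_id):
                    f["signed"] = when
    return list(findings.values())


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("{status} on {file}: key {key}, signature made {signed}".format(**f))
```

The "signature made" time in each finding can then be compared with the modification time of the signed Release file, which is the mismatch the report describes.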

