Bug#917991: debian-keyring: debian-role-keys.gpg: contains obsolete, expired Debian Security Team key

Paul Wise Tue, 01 Jan 2019 18:03:54 -0800

Package: debian-keyring
Version: 2018.11.25
Severity: normal
File: /usr/share/keyrings/debian-role-keys.gpg
Tags: security
X-Debbugs-CC: secur...@debian.org


I noticed that debian-role-keys.gpg contains two keys for the Debian
Security Team, one of which is expired and obsolete (based on the
security FAQ on the website). Presumably the obsolete key should be
removed from the Debian role keyring.

$ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-role-keys.gpg 
--list-key secur...@debian.org
Keyring: /usr/share/keyrings/debian-role-keys.gpg
-------------------------------------------------
pub   rsa4096/0x2702CAEB90F8EEC5 2012-09-12 [SC] [expired: 2015-09-12]
      Key fingerprint = BACB 4B5C 30AC 38F3 19EE  961E 2702 CAEB 90F8 EEC5
uid                   [ expired] Debian Security Team <secur...@debian.org>
uid                   [ expired] Debian Security Team <t...@security.debian.org>
uid                   [ expired] Debian Security Team 
<debian-security-priv...@lists.debian.org>
sub   rsa4096/0x2FDE22ACA225CF28 2012-09-12 [E] [expired: 2015-09-12]
      Key fingerprint = 8368 CE16 564D 83C7 5049  F9E4 2FDE 22AC A225 CF28

Keyring: /usr/share/keyrings/debian-role-keys.gpg
-------------------------------------------------
pub   rsa4096/0x6BAF400B05C3E651 2015-01-18 [SC] [expires: 2020-01-17]
      Key fingerprint = 0D59 D2B1 5144 766A 14D2  41C6 6BAF 400B 05C3 E651
uid                   [ unknown] Debian Security Team <secur...@debian.org>
uid                   [ unknown] Debian Security Team <t...@security.debian.org>
sub   rsa4096/0x0DD8C0E40F39FB17 2015-01-18 [E] [expires: 2020-01-17]
      Key fingerprint = 0730 18F7 B3AF 12F8 D28A  7063 0DD8 C0E4 0F39 FB17

$ w3m -dump https://www.debian.org/security/faq#contact | grep -A2 'key ID'
If desired, email can be encrypted with the Debian Security Contact key (key ID
0x0D59D2B15144766A14D241C66BAF400B05C3E651). For the PGP/GPG keys of individual
team members, please refer to the keyring.debian.org keyserver.

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), 
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

debian-keyring depends on no packages.

Versions of packages debian-keyring recommends:
ii  gnupg  2.2.12-1

debian-keyring suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

signature.asc
Description: This is a digitally signed message part

Bug#917991: debian-keyring: debian-role-keys.gpg: contains obsolete, expired Debian Security Team key

Reply via email to