In der Nachricht vom Sunday, 4 September 2022 11:20:39 CEST steht: > Automatically updates require the key to be updated, but the package in > point that should provide the updated key is outdated as well. So, it's a > vicious circle that requires manual intervention via "dpkg -i", as Ludovic > has pointed out.
I feared what you wrote, so it's a kind of second worst case scenario. We will have some Devuan installations not getting updates any longer (1411 unattended-upgrades installed according to popcon and not all of these are closely accompanied, I guess). At least Devuan should put a clearly visible warning on the front page of https://devuan.org/ linked to a helping page, if an automatic correction of the problem is impossible. But, if I look at the list of installed keys, I see: $ apt-key list [...] /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg ------------------------------------------------------ pub rsa2048 2014-12-02 [SC] 72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB uid [ unknown] Devuan Repository (Primary Devuan signing key) <reposit...@devuan.org> sub rsa2048 2014-12-02 [E] sub rsa4096 2016-04-26 [S] [...] This key does not expire and it seems installed on beowulf and chimaera. Can we just also sign the index file and the devuan-keyring package with this key for a while? Would this help to get the new devuan-keyring package and thus to fix the issue automatically? Regards, Adrian.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
