Removed keys, which are no longer in use by the current series by have
been used by previous series are always shipped in the
/usr/share/keyrings/ubuntu-archive-removed-keys.gpg and similar, which
are not trusted by the new systems by default.

So I'm not sure what you are asking for ubuntu-keyring to ship. We
always provide all the keys that have been ever in use.

** Changed in: ubuntu-keyring (Ubuntu)
       Status: New => Invalid

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.

  Make retired Ubuntu keyrings available from the archive

Status in ubuntu-keyring package in Ubuntu:

Bug description:
  Currently, if an Ubuntu developer (or their code) is attempting to
  interact with the precise archive (which is still supported in some
  form via ESM) from a machine running bionic or later, they will run in
  to issues verifying signatures, because the keys used to sign the
  precise archive are no longer included in the default keyring as of

  (Some form of this problem will present every time an archive key
  rotation happens; eventually the old key will no longer be trusted,
  and similar failures to the ones today will occur.)

  Whilst the old keys should never be used by the system's apt (or other
  installed software), it would be good if there were some way to
  install those keys from the archives for projects which knowingly want
  to use the older signatures.  (The old keys should be in a path that
  isn't currently used by anything, so that they have to be explicitly

  (This bug came out of a discussion on

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to