Public bug reported: [Impact]
* ftp.ports.debian.org changes keys every year, and updates debian- ports-archive-keyring 2 years ahead of time. * Packages in bionic and focal do not have 2022's key, making the packages unusable. * SRU falls under "Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar" * Package can be synced directly from Debian [Test Plan] sudo debootstrap --arch=riscv64 --force-check-gpg --foreign --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg sid /tmp/sid http://ftp.ports.debian.org/debian-ports/ Expected: I: Checking Release signature I: Valid Release signature (key id CBC70A60B9ED6F237A5F5B0BE852514F5DF312F6) I: Retrieving Packages I: Validating Packages I: Resolving dependencies of required packages... I: Resolving dependencies of base packages... [...] Currently: I: Checking Release signature E: Release signed by unknown key (key id E852514F5DF312F6) The specified keyring /usr/share/keyrings/debian-ports-archive-keyring.gpg may be incorrect or out of date. You can find the latest Debian release key at https://ftp-master.debian.org/keys.html [Where problems could occur] * Very old keys are removed from the keyring by subsequent package updates. An existing program might be looking for old keys and start failing, but this scenario is probably unlikely. [Other Info] ** Affects: debian-ports-archive-keyring (Ubuntu) Importance: Undecided Status: New ** Tags: bionic focal ** Tags added: bionic focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961454 Title: [SRU] Package unusable due to yearly key changes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-ports-archive-keyring/+bug/1961454/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
