Hi all, sorry to all users of the CRAN Debian backports for the inconvenience caused by the expiration of my signing key. I have created a new key and uploaded it to keyserver.ubuntu.com, and signed the buster40 and bullseye40 repositories with it. The repos signed with the new key will be available to all users of the CRAN Debian archive as soon as the synchronisation has taken place. Kind regards, Johannes P.S.: Unfortunately I could not change the key expiration of the old key, as I have lost the passphrase of the corresponding master key. For the same reason, the new key is not signed with the old one. Am Dienstag, 16. November 2021, 14:18:06 CET schrieb Dirk Eddelbuettel:> On 16 November 2021 at 12:08, bodo riediger-klaus wrote: > | Hello, > | > | i get a key-expired message when i try to update my repository > | > | root at merlot:/etc/apt/sources.list.d# cat rbase-stable.list > | deb http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian buster-cran40/ > | > | > | W: GPG-Fehler: http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian > | buster-cran40/ InRelease: Die folgenden Signaturen waren ung?ltig: > | EXPKEYSIG FCAE2A0E115C3D8A Johannes Ranke (Wissenschaftlicher Berater) > | <johannes.ranke at jrwb.de> > > As it is the personal key of Johannes, only Johannes (CC'ed) can fix it. > It is my understanding that he has been contacted, but as we had not said so > on the list it is good to have it here too. > > Dirk > > | As you can see on > | > | https://keyserver.ubuntu.com/pks/lookup?search=0xE19F5F87128899B192B1A2C2A > | D5F960A256A04AF&fingerprint=on&op=index > | > | there are two Expired Sub-Keys: > | > | sub rsa3072/5bc121cfdc61bdae03062260af83ce117fbb4c22 > | 2016-11-15T20:12:04Z > | sig sbind ad5f960a256a04af 2016-11-15T20:12:04Z ____________________ > | 2021-11-14T18:17:46Z [] > | > | sub rsa3072/ad7b5162ba456be3526f8d92fcae2a0e115c3d8a > | 2016-11-15T19:58:24Z > | sig sbind ad5f960a256a04af 2016-11-15T19:58:24Z ____________________ > | 2021-11-14T18:17:46Z [] > | > | > | greetings, bodo > | > | -- > | R.-Bodo Riediger-Klaus IT-Dienst FB MI Freie Universit?t Berlin > | bodo.riediger-klaus at fu-berlin.de Takustr.9 R.038 Fon: 030 838 75175 > | > | _______________________________________________ > | R-SIG-Debian mailing list > | R-SIG-Debian at r-project.org > | https://stat.ethz.ch/mailman/listinfo/r-sig-debian
J C Nash
2021-Nov-16 14:29 UTC
[R-sig-Debian] signing key of repo expired -- tangential question
I've seen several issues like this with "private" repositories or sections thereof. Is there a reasonable way to set things up so keys or access is shared across several people or held in an organizational escrow? I think there is general good will on the part of most people contributing, but things happen in life, and the collective can be inconvenienced. Best, JN On 2021-11-16 8:28 a.m., Johannes Ranke wrote:> Hi all, > > sorry to all users of the CRAN Debian backports for the inconvenience caused > by the expiration of my signing key. > > I have created a new key and uploaded it to keyserver.ubuntu.com, and signed > the buster40 and bullseye40 repositories with it. The repos signed with the > new key will be available to all users of the CRAN Debian archive as soon as > the synchronisation has taken place. > > Kind regards, > > Johannes > > P.S.: Unfortunately I could not change the key expiration of the old key, as I > have lost the passphrase of the corresponding master key. For the same reason, > the new key is not signed with the old one. > > Am Dienstag, 16. November 2021, 14:18:06 CET schrieb Dirk Eddelbuettel: >> On 16 November 2021 at 12:08, bodo riediger-klaus wrote: >> | Hello, >> | >> | i get a key-expired message when i try to update my repository >> | >> | root at merlot:/etc/apt/sources.list.d# cat rbase-stable.list >> | deb http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian buster-cran40/ >> | >> | >> | W: GPG-Fehler: http://ftp.gwdg.de/pub/misc/cran/bin/linux/debian >> | buster-cran40/ InRelease: Die folgenden Signaturen waren ung?ltig: >> | EXPKEYSIG FCAE2A0E115C3D8A Johannes Ranke (Wissenschaftlicher Berater) >> | <johannes.ranke at jrwb.de> >> >> As it is the personal key of Johannes, only Johannes (CC'ed) can fix it. >> It is my understanding that he has been contacted, but as we had not said so >> on the list it is good to have it here too. >> >> Dirk >> >> | As you can see on >> | >> | https://keyserver.ubuntu.com/pks/lookup?search=0xE19F5F87128899B192B1A2C2A >> | D5F960A256A04AF&fingerprint=on&op=index >> | >> | there are two Expired Sub-Keys: >> | >> | sub rsa3072/5bc121cfdc61bdae03062260af83ce117fbb4c22 >> | 2016-11-15T20:12:04Z >> | sig sbind ad5f960a256a04af 2016-11-15T20:12:04Z ____________________ >> | 2021-11-14T18:17:46Z [] >> | >> | sub rsa3072/ad7b5162ba456be3526f8d92fcae2a0e115c3d8a >> | 2016-11-15T19:58:24Z >> | sig sbind ad5f960a256a04af 2016-11-15T19:58:24Z ____________________ >> | 2021-11-14T18:17:46Z [] >> | >> | >> | greetings, bodo >> | >> | -- >> | R.-Bodo Riediger-Klaus IT-Dienst FB MI Freie Universit?t Berlin >> | bodo.riediger-klaus at fu-berlin.de Takustr.9 R.038 Fon: 030 838 75175 >> | >> | _______________________________________________ >> | R-SIG-Debian mailing list >> | R-SIG-Debian at r-project.org >> | https://stat.ethz.ch/mailman/listinfo/r-sig-debian > > _______________________________________________ > R-SIG-Debian mailing list > R-SIG-Debian at r-project.org > https://stat.ethz.ch/mailman/listinfo/r-sig-debian >