Client: Debian Signing Key Expired

Created on 20 Nov 2017  路  9Comments  路  Source: keybase/client

Hi,

While running apt-get on my local system I encountered an error from APT complaining that the key had expired for keybase. Looking at the GPG key it does appear to have expired. Is there a new key published yet?

Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://prerelease.keybase.io/deb stable InRelease: The following signatures were invalid: EXPKEYSIG 47484E50656D16C7 Keybase.io Code Signing (v1) <[email protected]>
W: Failed to fetch http://prerelease.keybase.io/deb/dists/stable/InRelease  The following signatures were invalid: EXPKEYSIG 47484E50656D16C7 Keybase.io Code Signing (v1) <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.

pub   rsa4096 2013-11-19 [SC] [expired: 2017-11-19]
      222B 85B0 F90B E2D2 4CFE  B93F 4748 4E50 656D 16C7
uid           [ expired] Keybase.io Code Signing (v1) <[email protected]>
picture laughing-penguins
👍3

Most helpful comment

Unfortunately as far as I can tell, none of these bug reports or the docs page about this are currently reachable via google.

picture oconnor663 on 20 Nov 2017
👍3

All 9 comments

cc: @oconnor663

maxtaco picture maxtaco on 20 Nov 2017

Looks like there was a warning message that I needed to update keybase to account for the expiring key :) please ignore and close as PEBCK issue.

laughing-penguins picture laughing-penguins on 20 Nov 2017

Same issue as https://github.com/keybase/client/issues/9626.

oconnor663 picture oconnor663 on 20 Nov 2017

Unfortunately as far as I can tell, none of these bug reports or the docs page about this are currently reachable via google.

oconnor663 picture oconnor663 on 20 Nov 2017
👍3

thanks for the link to the docs @oconnor663.

donalhunt picture donalhunt on 21 Nov 2017

how often will this happen in the future?

donbright picture donbright on 30 Jan 2018

The current version of the signing key doesn't expire until 2027. Hopefully by then the world will have moved on to a packaging system that doesn't depend on PGP :)

oconnor663 picture oconnor663 on 30 Jan 2018

"hopefully the world will have moved on from ipv4" - 1995 internet chatroom talk

donbright picture donbright on 20 Mar 2018
😄1

I use ipv9, idk about you guys.

Also, I use keybase to sign all my packages. You ever heard of it? :-P

dabura667 picture dabura667 on 20 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Alexendoo picture Alexendoo  路  3Comments
dwhagar picture dwhagar  路  3Comments
pipermerriam picture pipermerriam  路  4Comments
martindevans picture martindevans  路  4Comments
hkjels picture hkjels  路  4Comments