[clug] Re-signing Debian Packages (answer)
Tony Lewis
tony at lewistribe.com
Mon Jan 16 22:40:11 UTC 2023
Hi Jeff,
If it suits your risk appetite, you can up the security a little...
On 17/1/23 08:39, jm via linux wrote:
> Replying to myself to make this easier to find. These are the rough
> steps which appear to have solved the problem of having the Debian
> repo signed by an expired key. It's still yet to get extensive
> testing, but the initial tests shows this works.
>
> 1. Create a new Key
>
> $ gpg --gen-key
If you use --full-gen-key you can add expiry dates and other metadata
like names that might benefit you.
<snip>
Also don't forget it might be beneficial to validate `Release` against
the old key before blindly signing it
Tony
>
> Jeff.
>
>
More information about the linux
mailing list