diff options
author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-21 04:43:11 +0100 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-21 07:37:17 +0100 |
commit | ea9eca9832d9f83417de0fc26cb93130a2b47f6c (patch) | |
tree | 93f87408f6fa152f414a9c2d04cf9ddf34dc32bd /libre/java-common/PKGBUILD | |
parent | 4de3563745ac22868d3ef261a1013ccd092a1384 (diff) | |
download | abslibre-ea9eca9832d9f83417de0fc26cb93130a2b47f6c.tar.gz abslibre-ea9eca9832d9f83417de0fc26cb93130a2b47f6c.tar.bz2 abslibre-ea9eca9832d9f83417de0fc26cb93130a2b47f6c.zip |
libre: texlive-bin: bump package revision to workaround expired key
Without that fix, we have the following error while
installing or upgrading texlive-bin:
error: texlive-bin: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
:: File /var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
This is because the corresponding gpg key is expired:
$ gpg --verify /var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz.sig
gpg: assuming signed data in '/var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz'
gpg: Signature made mer. 03 nov. 2021 03:02:20 CET
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger <bill-auger@peers.community>" [unknown]
gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [unknown]
gpg: aka "bill-auger <bill-auger@programmer.net>" [unknown]
gpg: aka "[jpeg image of size 6017]" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'libre/java-common/PKGBUILD')
0 files changed, 0 insertions, 0 deletions