Following Fedora’s migration to Sequoia PGP, it seems that it isn’t possible to import an expired signing key anymore. rpm --import https://some.domain/public-keys/SOME_EXPIRED_RPM_KEY.public error: Certificate <CERT_ID>: The certificate is expired: The primary key is not live error: https://some.domain/public-keys/SOME_EXPIRED_RPM_KEY.public: key 1 import failed. I’d like to know what a third party can do to allow older versions of a package to be installed despite the expired GPG key. To be precise, the GPG key is expired but not revoked so it shouldn’t be an issue. One option I’m aware of would be to resign older packages but it involves changing the checksum of the package, which is a bad practice we’d like to avoid. Any suggestions ? Or is it an issue to redirect to rpm-sequoia directly ? -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
