17 Jun
2022
17 Jun
'22
6:39 p.m.
On Tue, 14 Jun 2022 19:19:54 +0200 Peter Gerber tor-lists@arbitrary.ch wrote:
Looks like the expiration date on the key was changed and the package deb.torproject.org-keyring only updates that key in /usr/share/keyrings/. I can't but wonder if everyone that doesn't have a signed-by is affected, which must be quite a few.
Yeah I had the public signing key in both /etc/apt/trusted.gpg.d and /usr/share/keyrings. I had to manually update the key in /usr/share/keyrings/tor-archive-keyring.gpg as that file was referenced by my sources.list file. Not sure how it ended up in two places. Thanks for pointing this out!