Packman GPG key expired

I note that the packman GPG key has expired. I imported the key but find that it is still expired (18/9/2008). Some of the other repository keys do not appear to have an expiry date and others are a couple of years into the future. YAST will not allow be to edit the key to change the expiry - edit grayed out

Any ideas??


If the consequence of this is that whenever you re-boot, you are asked whether “you trust the source of these packages. Repository Name: Packman Repository.”, I’d be interested in the answer to this too.

Well of course not, the expiry date is an integral part of the key. If it were editable, fakers could revive old keys and pass them off as current.

Only thing to do is to wait for Packman to issue a new key.

I leave my PC on 24/7 - I noticed because the online update icon shows a yellow triangle and I get the following error:

Refresh failed: . Error: refusing unsigned file repomd.xml Error: Could not refresh repository ‘Packman Repository’: Valid metadata not found at specified URL(s) History: - Signature verification failed for repomd.xml

I can use the online update via YAST and accept the unsigned .xml file but that misses the point of the notification

You could disable the Packman repo for the time being to avoid the yellow triangle.

I find it strange though that the Packman maintainers didn’t see this coming up.

I too find it odd but it seems to be an annual event usually lasts about a week then no problems after that for about a year.

Hmmm. Security as an afterthought at Packman? Guess they must have forgotten to put it in their Outlook. Oh, wait…

Packman’s new signing key is now available. It does not expire until 09/21/2010.