From: david@kalnischkies.de   
      
   Am Tue, Feb 10, 2026 at 09:08:30PM +0100, schrieb Alexander Kjäll:   
   > > The idea here is that a repo with an expired key (think e.g. buster)   
   > > should not be used even if that repo was correctly signed back in the   
   > > day as the data the key signed is sort of expired by now, too.   
   >    
   > If this is a desired property, shouldn't there rather be an expiration date   
   > set on the signature?   
      
   Maybe that is the correct technical solution, but good luck telling that   
   each and every repository owner, which then have to adapt all their   
   generation tools ~ and invent a time machine to use these tools years   
   ago.   
      
   (You could argue that setting every signature to expire is error prune   
    and a bit silly if you can treat key expiry as default value, but okay)   
      
      
   If you want, you can also view key expiry as a dead man's switch key   
   revocation that actually works in our context as key updates (which   
   would make an actual key revocation possible) are not usually done:   
      
   Assuming an attacker manages to get hold of busters secret key now, they   
   can unexpire the key – but they can not really ship this update to users.   
   What they can do is use `faketime` to sign a Release file just before   
   the original key expired that will be accepted by sqv as valid;   
   while gpgv (+ our methods logic) will refuse it.   
      
   (The move to Signed-By drastically reduced the surface of this problem)   
      
      
   Best regards   
      
   David Kalnischkies   
      
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAABCgAdFiEE5sn+Q4uCja/tn0GrMRvlz3HQeIMFAmmMuCgACgkQMRvlz3HQ   
   eIMv1RAAlfKtXvFetNzeKY8g2OdS8WBji2ZEN7H2YOG6osUVGzXl/pgZAUoLlMor   
   y+6N4XmTjat6yL2gKykJKTYUOEUffHU/fCOK9Q5nCdUI5pSVVYPnmYRGNBesHggh   
   2v7zZzrfTDXDOFJrcepo45wBUzAM+B/EEEhWKWg9rRJESix+UzlpU3SNfXBqm8h6   
   6e9fcPU+KT5sRNWtovYVWUaQUrfVwd48A6PE5cU1r9j7p+q7RSvD/ManC+gAa5Lt   
   5VrXDmcEkHqhKSd1XeO+Xfn51KreM2TMrQ5pH36NRljK+pB+6WsJs1kV9f5Vc1ml   
   NNVOKRcoun7OMGZY4/Zj4D1h46RNBxm+DK43FqPe9jNgPi8yd4KG6y+Gv4PyKClL   
   bBzsndZUrynePMffwJex3O6J3llPPzCxc8GrnLjCdpCVyEG1D3TFyZT5oo5TQCxM   
   ONEqbvGCzmVxIARU0u4Fzj3bqr5U2yruwUSsbfVjUwDJasGUcfpExXmbbv4ALBrq   
   imSP/hF301NZcROtBR+3IrF60Qx5mmQGmwjj11kIA4exi1aU+/avRRFAFCmhRT9P   
   yiGWBICFDKwnoHmvodrsaYfz++WNsFX2YwE5WIx0NhS6hO6cDinkb1t8lmiuPuxw   
   2eG1wzE6JF6K0dqtC7zBDWj+rB1xOaNCigUKBgvI7wtEIG3yfcU=   
   =BsYz   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)