Debian packages are signed with an expired key
Currently (for some time now) when running 'update' in aptitude the following error is reported:
A: GPG error: https://www.semanticmerge.com ./ Release: The following signatures are not valid: KEYEXPIRED 1442157655
Of course, this has nothing to do with 'aptitude'.
A new key needs to be provided and packages need to be signed with that key.
The way Debian and Ubuntu do this is to have a separate package which is signed with the old key, and, when needed, delivers the new keys, then, after that package is available, the new key can be used for signing.
3
votes
![](https://secure.gravatar.com/avatar/440243592c0ce7108b6ec1f4ae8abac8?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)