Project

General

Profile

Public Key 3037 Days Newer Than The Signature

mineral - 11 months ago -

During a regular update, I see:

gpg: public key DB323392796CA067 is 3037 days newer than the signature
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  22  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  22  signed:  95  trust: 2-, 0q, 0n, 20m, 0f, 0u
gpg: depth: 2  valid:  72  signed:  30  trust: 72-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-06-15

Anything to worry here? Why is "public key DB323392796CA067 is 3037 days newer" message received?


Replies (1)

RE: Public Key 3037 Days Newer Than The Signature - mineral - 4 months ago -

I found a solution like:

$ sudo rm -r /etc/pacman.d/gnupg
$ sudo pacman-key --init
$ sudo pacman-key --populate archlinux parabola

After running the last line, a message may be seen that the revoked keys in keyring are being disabled.

But I wanted to understand more and I found a way to reproduce it:

$ sudo pacman-key --refresh-keys DB323392796CA067

During a regular update, I think it happens becouse of running:

$ sudo pacman-key --refresh-keys

It would be nice to see some comments from those who are experienced with keys and keyrings.

- Is this a good solution or is it secure to keep the enabled but revoked keys in the keyring?
- Are some keys not updated in the servers and is it a bad idea to use pacman-key --refresh-keys ?
- Which method is more accurate or updated to refresh the keyring?

Thanks in advance.

    (1-1/1)