Public Key 3037 Days Newer Than The Signature
During a regular update, I see:
gpg: public key DB323392796CA067 is 3037 days newer than the signature gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 22 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 22 signed: 95 trust: 2-, 0q, 0n, 20m, 0f, 0u gpg: depth: 2 valid: 72 signed: 30 trust: 72-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2023-06-15
Anything to worry here? Why is "public key DB323392796CA067 is 3037 days newer" message received?
I found a solution like:
$ sudo rm -r /etc/pacman.d/gnupg $ sudo pacman-key --init $ sudo pacman-key --populate archlinux parabola
After running the last line, a message may be seen that the revoked keys in keyring are being disabled.
But I wanted to understand more and I found a way to reproduce it:
$ sudo pacman-key --refresh-keys DB323392796CA067
During a regular update, I think it happens becouse of running:
$ sudo pacman-key --refresh-keys
It would be nice to see some comments from those who are experienced with keys and keyrings.
- Is this a good solution or is it secure to keep the enabled but revoked keys in the keyring?
- Are some keys not updated in the servers and is it a bad idea to use pacman-key --refresh-keys ?
- Which method is more accurate or updated to refresh the keyring?
Thanks in advance.