How to continue to use expired GPG keys (but still verify signatures)?

Mitar

4/28/24, 4:37 PM

So MongoDB 4.0 key has expired (forum post, forum post). I know that I can make it so that apt does not validate signatures (with --allow-unauthenticated or --allow-insecure-repositories flag), but I would not like to completely ignore signatures, I would like that the signature is still checked, only that expiration of the key is ignored. The key has not been compromised, so signatures are still secure (and prevent somebody from injecting something bad). Is it possible to just ignore the expiration?

305

0 + 2

apt

David

4/28/24, 4:41 PM

You can not have both, Ignore security and have security.

Mitar

4/28/24, 4:50 PM

I want to ignore expiration of the key, but verify cryptographically that the signature still matches the key.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to continue to use expired GPG keys (but still verify signatures)?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.