Ubuntu
smartmontools package

update-smart-drivedb: embedded GPG key expires in 2020

Bug #1893126 reported by Lucas Kanashiro on 2020-08-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	smartmontools (Ubuntu)	New	Undecided	Unassigned

Bug Description

In Focal, the update-smart-drivedb script has an embedded GPG key which seems to expire in 2020:

$ grep -A2 "Signing Key" /usr/sbin/update-smart-drivedb
# Smartmontools Signing Key (through 2020)
# <email address hidden>
# Key ID 721042C5

We need to keep that in mind to update the key as soon as upstream releases a new one.

Revision history for this message

Paride Legovini (paride) wrote on 2020-08-27:

Hi, I noticed a couple of things while looking what this is about:

1. The KeyID is mentioned in the update-smart-drivedb(8) manpage too, so when we upgrade the key the manpage has to be updated too. (I'd use the full fingerprint rather than the KeyID.)

2. LP: #1893202.

Revision history for this message

Christian Franke (christian-franke) wrote on 2021-01-10:

Key 721042C5 lifetime has been extended to 2025. Old update scripts should still work as gpg does not refuse verification if (signature_timestamp > pubkey_expiry_time).

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusmartmontools package

update-smart-drivedb: embedded GPG key expires in 2020

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
smartmontools package