Comment 2 for bug 1481871

I just ran into the same issue. What's not obvious from the original post, though, is that apt-key reports back that it deleted the key "OK" - but actually did not:

root@mybox:~# apt-key list | grep 79EAFD54
pub 1024D/79EAFD54 2009-01-22 [expired: 2013-06-28]

root@mybox:~# apt-key adv --keyid-format long --list-key 79EAFD54
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.0hGkImk1B8 --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/xorg-edgers-ppa.gpg --keyid-format long --list-key 79EAFD54
pub 1024D/BED1E87979EAFD54 2009-01-22 [expired: 2013-06-28]
uid security OBS Project <email address hidden>

root@mybox:~# apt-key del BED1E87979EAFD54
OK

root@mybox:~# apt-key list | grep 79EAFD54
pub 1024D/79EAFD54 2009-01-22 [expired: 2013-06-28]

As such, if you supply a key ID as an argument to "apt-key del" in any GnuPG supported format other than the 'old' short key ID format without leading "0x" (so just the last 8 bytes of the key's fingerprint, ") the result is that your command is *silently ignored*. (There seem to be some non-defined GPG formnats which will return an error message, such as when using the last 6 or 10 (but not 12) bytes of the fingerprint).

This can result in users and applications alike meaning to revoke trust on an APT archive keyring, being told they succeeded in doing so, but actually failing.

As such, from my perspective, this is a security bug.

This was Ubuntu 14.04.3 LTS x86_64 with the latest updates installed and no held packages (but some third party PPAs).

I have not tried to reproduce this issue on any other Ubuntu releases. I tried to reproduce this behaviour on Debian GNU/Linux 8.2 "Jessie" but was unable to.