@cat262584 wrote a recent post questioning the advisability of keeping expired apt keys on MX, which I found intriguing. @Adrian stated that the expired keys were not a security risk, and @cat262584 responded with various scenarios from internet sources in which a foreign spy might be able to use an expired key to load malware onto a system. I thought both made good points. To the points that @Adrian was making, the level of skill, access, and hacking that would be required to pull off such a malware injection would be enormous, and it simply is not a risk for any normal MX or Debian user. I agree with that assessment.
However, in the interest of testing the hypothesis of @cat262584, I decided to try the method that they posted to remove the expired keys, and see if my system suffered any ill effects.
To remove an expired key is a multi-step process. First list all the apt keys on the system:
Code:
sudo apt-key list
Code:
sudo apt-key del "1F5C 2E81 5EC2 9445 3B15 233C D3F9 85C5 1A77 B3E9" "64D1 5ADA FA81 B2C5 619B 3297 2EBC 26B6 0C5A 2783" "64C3 6120 DA8D 91E7 378B E79F 3916 C431 F809 94F6" "CD5A 9776 9F6E F4D9 EBCD 8F92 0334 3153 6A42 3791" "6947 BD50 026A E8C8 9AC4 09FD 390E C3FF 927C CC73" "B80B CDE3 19EE 84E0 A353 E7CF FEC8 20F4 B8C0 755A" "AF45 1228 01DA D613 29EF 9570 DCF9 F87B 6DFB CBAE" "A949 B28F 7A96 8063 6CA3 36DE 81D4 980F A170 4726" "70C4 F178 C4AC 36D2 9A3B 52F0 3EFF 4F27 2FB2 CD80" "7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139" "8526 E45F AF83 DE2F 634C 1909 F9A2 F76A 9D1A 0061" "565F 67CD 02BA 29CF 4F5D 5405 E6AD 81A8 B9FB E3CE" "EA29 BBBE 6A41 95E6 EF3C E709 A40E 385D 15B0 B570" "DB3D FC6C 82D3 D79B 4590 F276 0393 B863 8C00 FC18" "5929 601B 7779 956E 0117 749A 515F 1784 FFF0 6A93" "255F 0237 51CF AA0F 3B78 F548 F4EA 6AF9 3465 FC9B" "48A9 B686 96FF FD91 ED9C 5AD8 8982 541D FD08 FE04" "5C68 6B8F D30F A0E6 AB7E 6DAE AAFF 4A5B 3360 64B5" "3289 E2A9 7822 F308 E660 30F0 7DCA C92F 09F8 ECEF" "D95E 9BC9 3D63 42FA 4843 805E 0CA3 2171 3B07 EE13" "2920 868D C0F8 016A A35A A0F8 E429 CCF8 6CE3 3D20" "C8CF 3513 60C3 7394 5178 8AE5 81E7 7EAF 14E2 25A0" "ED57 48AC 0E57 5DD2 49A5 6B84 DB36 CDF3 452F 0C20" "A401 FF99 368F A1F9 8152 DE75 5C80 8C2B 6555 8117" "6E52 010D CDD7 B0BF 7E7D 7531 8728 E982 852A 7097" "D95E 9BC9 3D63 42FA 4843 805E 0CA3 2171 3B07 EE13" "C8CF 3513 60C3 7394 5178 8AE5 81E7 7EAF 14E2 25A0" "1D7F C53F 80F8 52C1 88F4 ED0B 07DC 563D 1F41 B907"
Code:
sudo apt-key list
I'm mainly leaving this here as a how-to for reminding my future self of this method. If anyone else uses it or benefits from it, that's fine. As I said above though, I agree with the assessment of @Adrian that an expired apt key is not a security risk for any normal user. I would not advise normal users to try this method, as you could easily screw stuff up on your system if you put the wrong apt key into the delete command.
However, if you happen to live in a country that tightly controls internet access and/or you are someone who is politically active enough to have made enemies high up in your country's government, this may be a step you would want to take out of an abundance of caution. If you do decide to use this method, do not just copy and paste someone else's command. Take the time to review your apt keys and see which are really expired and make your own list to delete, and check it twice before deleting them. And back up your system before doing it with the MX Snapshot tool or a similar full system backup tool.
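One way to do the review step described above, as an added example that is not part of the original post: a shell function that reads a GnuPG colon-format key listing and prints the fingerprint and first user ID of each primary key that has expired. The function names, the sample listing and its fingerprints are constructed for illustration; producing the listing for your own keyring (for example with gpg's `--with-colons` option) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a GnuPG colon-format
# key listing on stdin and prints "FINGERPRINT<TAB>UID" for each primary
# key that is expired. Assumes GnuPG 2.x output (expiry as epoch seconds).
# $1 = "now" in epoch seconds (defaults to the current time).
list_expired_keys() {
    awk -F: -v now="${1:-$(date +%s)}" '
        function emit() { if (expired && fpr != "") print fpr "\t" uid }
        $1 == "pub" {
            emit()
            # field 2: validity ("e" = expired); field 7: expiry time
            expired = ($2 == "e" || ($7 ~ /^[0-9]+$/ && $7 + 0 < now + 0))
            fpr = ""; uid = $10; primary = 1; next
        }
        $1 == "sub" { primary = 0; next }        # skip subkey fingerprints
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        $1 == "uid" && uid == "" { uid = $10 }   # first user ID only
        END { emit() }
    '
}

# Constructed sample listing; fingerprints and names are placeholders.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:AAAAAAAAAAAAAAA1:1400000000:1500000000::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1:
uid:e::::1400000000::0::Example Old Repo <old@example.invalid>:
sub:e:4096:1:AAAAAAAAAAAAAAA9:1400000000:1500000000:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9:
pub:-:4096:1:BBBBBBBBBBBBBBB2:1400000000:4000000000::-:::scSC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB2:
uid:-::::1400000000::0::Example Current Repo <cur@example.invalid>:
pub:-:4096:1:CCCCCCCCCCCCCCC3:1400000000:1600000000::-:::sc:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC3:
uid:-::::1400000000::0::Example Stale Repo <stale@example.invalid>:
pub:r:4096:1:DDDDDDDDDDDDDDD4:1400000000:::-:::sc:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD4:
uid:r::::1400000000::0::Example Revoked Repo <rev@example.invalid>:
EOF
}

# Demo run against the constructed sample with a fixed clock value.
sample_listing | list_expired_keys 1700000000
```

The output is a review list only; compare each fingerprint against `sudo apt-key list` before putting it into a delete command.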