BADSIG for wheezy-proposed-updates/

[David Cheng]

Hi,

Last two days there have been an issues with the gpg signature file for wheezy-proposed-updates archive, It failed to verify the signature file Release.gpg with existing typical gpg public keys. The Error I got are attached below:


[  0%] Getting: dists/wheezy-proposed-updates/Release... 	 #** GET http://ftp.us.debian.org/debian/dists/wheezy-proposed-updates/Release ==>   0%      3%      5%      7%      9%     11%     14%     16%     18%     20%     22%     25%     27%     29%     31%     33%     36%     38%     40%     42%     44%     47%     49%     51%     53%     55%     58%     60%     62%     64%     66%     69%     71%     73%     75%     77%     80%     82%     84%     86%     88%     91%     93%     95%     97%     99%    100%    200 OK
ok
[  0%] Getting: dists/wheezy-proposed-updates/Release.gpg... 	 #** GET http://ftp.us.debian.org/debian/dists/wheezy-proposed-updates/Release.gpg ==>  53%    100%    200 OK
ok
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
[GNUPG:] BADSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpm...@debian.org>
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpm...@debian.org>"
gpgv: Signature made Thu 20 Jul 2017 07:31:09 AM PDT using RSA key ID 46925553
gpgv: BAD signature from "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpm...@debian.org>"

My debian archive keys in gpg keyrings are listed below, I checked against the Fingerprint for the keys at https://ftp-master.debian.org/keys.html, and all seems normal.
Could anyone help clarify whether the upstream Release.gpg is signed with a new/unannounced key? the file corrupted, or something wrong at my side? Thanks a lot.

------------------------------------
pub   4096R/65FFB764 2012-05-08 [expires: 2019-05-07]
      Key fingerprint = ED6D 6527 1AAC F0FF 15D1  2303 6FB2 A1C2 65FF B764
uid                  Wheezy Stable Release Key <debian-...@lists.debian.org>

pub   4096R/46925553 2012-04-27 [expires: 2020-04-25]
      Key fingerprint = A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553
uid                  Debian Archive Automatic Signing Key (7.0/wheezy) <ftpm...@debian.org>

pub   4096R/518E17E1 2013-08-17 [expires: 2021-08-15]
      Key fingerprint = 75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid                  Jessie Stable Release Key <debian-...@lists.debian.org>

pub   4096R/2B90D010 2014-11-21 [expires: 2022-11-19]
      Key fingerprint = 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid                  Debian Archive Automatic Signing Key (8/jessie) <ftpm...@debian.org>

pub   4096R/C857C906 2014-11-21 [expires: 2022-11-19]
      Key fingerprint = D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid                  Debian Security Archive Automatic Signing Key (8/jessie) <ftpm...@debian.org>

pub   4096R/1A7B6500 2017-05-20 [expires: 2025-05-18]
      Key fingerprint = 067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid                  Debian Stable Release Key (9/stretch) <debian-...@lists.debian.org>

pub   4096R/F66AEC98 2017-05-22 [expires: 2025-05-20]
      Key fingerprint = E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid                  Debian Archive Automatic Signing Key (9/stretch) <ftpm...@debian.org>
sub   4096R/B7D453EC 2017-05-22 [expires: 2025-05-20]

pub   4096R/8AE22BA9 2017-05-22 [expires: 2025-05-20]
      Key fingerprint = 6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid                  Debian Security Archive Automatic Signing Key (9/stretch) <ftpm...@debian.org>
sub   4096R/331F7F50 2017-05-22 [expires: 2025-05-20]
----------------------------------------------------------

Best,
David