Debian reprepro signing key is 5BCF1346 or 7840E7610F28B904753549D767ECE5605BCF1346 If you do all this SEVERAL DAYS BEFORE the key expires, then users will pull the updated i2p-keyring package, and all will go smoothly. to update expiration -------------------- 1) Update the GPG key gpg --edit-key 5BCF1346 list key 0 expire 13m key 1 (subkey 3CAB5E06) expire 13m save 2) Backup If you didn't do the above on deb.i2p2.de, import the public key with the new expiration to the gpg there Also import the new 59683006 key there if it's been renewed since last time. If you did do the above on deb.i2p2.de, import the public key with the new expiration to your own box gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-debian-repo.key.asc scp i2p-debian-repo.key.asc ... gpg --import i2p-debian-repo.key.asc 3) Send to key server gpg --keyserver foo --send-keys 5BCF1346 keyservers: pool.sks-keyservers.net, pgp.mit.edu, keys.gnupg.net 4) Put the new public key files on the website These files are linked from https://geti2p.net/debian gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-debian-repo.key.asc copy file to git i2p.www i2p2www/static/i2p-debian-repo.key.asc gpg --export 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-archive-keyring.gpg copy file to git i2p.www i2p2www/static/i2p-archive-keyring.gpg check in both and push 5) i2p-keyring package update gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > keys/official_repo.key checkout git i2p.keyring.i2p branch Update debian/changelog Update Extended.Version in build.xml check in and push Now build the new package: ant debian-binary ant debian-tarball cd ../i2p-keyring-201x.xx.xx/ debuild -S -sa -k85F345DD59683006 Copy these files to a temp dir on the reprepro server: i2p-keyring_201x.xx.xx.dsc i2p-keyring_201x.xx.xx.tar.gz i2p-keyring_201x.xx.xx_all.deb i2p-keyring_201x.xx.xx_source.build i2p-keyring_201x.xx.xx_source.changes Now add the updated package to reprepro: reprepro -v includedeb wheezy i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb jessie i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb stretch i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb buster i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb sid i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb precise i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb trusty i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb xenial i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb bionic i2p-keyring_201x.xx.xx_all.deb reprepro -v includedeb focal i2p-keyring_201x.xx.xx_all.deb ...and newer reprepro -v includedsc wheezy i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc jessie i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc stretch i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc buster i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc sid i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc precise i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc trusty i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc xenial i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc bionic i2p-keyring_201x.xx.xx.dsc reprepro -v includedsc focal i2p-keyring_201x.xx.xx.dsc ...and newer review changes: reprepro ls i2p-keyring 6) Announce Add a note to /var/www/debian/index.php If you did all this before the old key expired, everything is good. If not, you may have to tell people to download the key used to sign the repository and add it to apt: wget https://geti2p.net/_static/i2p-debian-repo.key.asc sudo apt-key add i2p-debian-repo.key.asc sudo apt-get update