The GPG keys for signing the LiveConfig packages and repositories are replaced every three years for security reasons.
From today, a new GPG key is used:
Key name: LiveConfig Package Signer <email@example.com>
Key ID old: 08708961 (2048 bit, valid until 2017/11/05)
Key ID new: 3A2B2840 (4096 bit, valid until 2020/09/19)
The new key was already installed automatically with LiveConfig v2.5.0. For older installations, the key must be updated manually:
wget -O - https://www.liveconfig.com/liveconfig.key | apt-key add -
rpm --import https://www.liveconfig.com/liveconfig.key
When not updating the key, you'll get an error message when trying to update LiveConfig packages - on Debian for example like this:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.liveconfig.com main InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E73A23BF3A2B2840
W: Failed to fetch http://repo.liveconfig.com/debian/dists/main/InRelease:
W: Some index files failed to download. They have been ignored, or old ones used instead.