Sometimes you are trying to install stuff from a really ancient repository that sometimes don’t have the necessary security functions in place, looking at you ‘HP Software Delivery Repository for mcp’, while this is generally a bad idea you can force apt to ignore the safety checks, and what could possibly wrong by doing it :), by appending “-o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true” at the end of your apt command.
apt update -o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true
If you want a more permanent solution you can disable the checks permanently with:
echo -e 'Acquire::Check-Valid-Until "false";\nAcquire::AllowInsecureRepositories "true";\nAcquire::AllowDowngradeToInsecureRepositories "true";' | tee /etc/apt/apt.conf.d/99-enable-unsecure-repos
Sources:
http://manpages.ubuntu.com/manpages/xenial/en/man8/apt-get.8.html
https://stackoverflow.com/questions/17128602/apt-get-identify-all-old-version-numbers-of-a-package
https://unix.stackexchange.com/questions/2544/how-to-work-around-release-file-expired-problem-on-a-local-mirror
https://askubuntu.com/questions/74345/how-do-i-bypass-ignore-the-gpg-signature-checks-of-apt