diff --git a/Dockerfile b/Dockerfile
index 9ed82e39c3167b33e0545f113b071813720e7197..bfb43d15f0aa9edc2602b67572b703f77534d09e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 FROM debian:stretch
 
+ARG IGNORE_EXPIRY=0
 ENV LANG=C.UTF-8
 ENV DEBIAN_FRONTEND=noninteractive
 
diff --git a/README.md b/README.md
index 6f7ea3ecacde5229a0f3b94e1387365a2841b0b6..3899be0e42009f536d3c2be305baa56f6dbb9f97 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,14 @@ Build our Docker image:
 
     docker build -t briar/go-reproducer go-reproducer
 
+Building the image might fail due to expired Debian packages.
+You can disable the expiry check by adding a build argument:
+
+    docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer
+
+However, note that this might expose the build process to MITM attacks
+which inject outdated vulnerable packages.
+
 ### Run the verification
 
 To verify a specific version of obfs4proxy, run
diff --git a/install.sh b/install.sh
index a81614d677898d632d8c72c4de02c98f567a871c..37f2413680cfdbed185ff5a2414a7c7d3f3b5b78 100755
--- a/install.sh
+++ b/install.sh
@@ -3,12 +3,18 @@ set -e
 set -x
 
 # use snapshot repos for deterministic package versions
-DATE="20190206T120000Z"
+DATE="20190219T000000Z"
 cat << EOF > /etc/apt/sources.list
 deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main
 deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main
 EOF
 
+# ignore expired package releases if env variable is set
+if [[ "${IGNORE_EXPIRY}" = "1" ]]
+then
+    echo 'Acquire::Check-Valid-Until "0";' >> /etc/apt/apt.conf.d/10-ignore-expiry
+fi
+
 # update package sources
 apt-get update
 apt-get -y upgrade