Hi Nicholas, Nicholas D Steeves <s...@debian.org> writes:
> Control: owner -1 ! > > Xiyue Deng <manp...@gmail.com> writes: > >> [ Xiyue Deng ] >> * New upstream release. >> * Re-export upstream signing key without extra signatures. > > $ uscan --download-current-version > Newest version of persist-el on remote site is 0.6, specified download > version is 0.6 > gpgv: Signature made Sat 13 Jan 2024 05:05:03 EST > gpgv: using RSA key C433554766D3DDC64221BFAA066DAFCB81E42C40 > gpgv: Good signature from "GNU ELPA Signing Agent (2019) > <elpas...@elpa.gnu.org>" > gpgv: Signature made Sat 13 Jan 2024 05:05:03 EST > gpgv: using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966 > gpgv: Can't check signature: No public key > uscan die: OpenPGP signature did not verify. at > /usr/share/perl5/Devscripts/Uscan/Output.pm line 77. I have been in contact with upstream maintainer Joseph Turner <persist...@breatheoutbreathe.in> about this issue. He replied that he recently took over the maintenance of persist and was not aware about this key either. I have followed his suggestion and filed a bug report to bug-gnu-em...@gnu.org about this issue[1]. Meanwhile, as the RSA key signature is good, I resorted to use "uscan --skip-signature" to get the current version, dropped the GFDL document source and repacked the source tarball. Hope this process sounds ok to you. -- Xiyue Deng [1] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=70003
