On 11.12.20 16:13, Kern Sibbald wrote:
The individual .sig files are all available in the download area
directly. The bacula-sig tar file is for convenience, and is the only one
that is listed in the WordPress download area. We have been doing it
that way for years. Perhaps you misunderstood my email -- I have
replaced all the .sig files with the correct version.
Hmm, then the SF:net system lied to you, because when I look at
https://sourceforge.net/projects/bacula/files/bacula/9.6.7/ the only
changed file is bacula-sigs-9.6.7.tar.gz.
https://sourceforge.net/projects/bacula/files/bacula/9.6.7/bacula-9.6.7.tar.gz.sig
is still the same as before, containing the signature made with
16FCF91DCBDA197436ACA721CAA7F07F2911863C
And thus, uscan (the tool to download and verify upstream releases)
correctly complains about this:
uscan: => Newer package available from:
=> https://qa.debian.org/watch/sf.php/bacula/bacula-9.6.7.tar.gz
uscan info: Downloading upstream package: bacula-9.6.7.tar.gz
uscan info: Requesting URL:
https://qa.debian.org/watch/sf.php/bacula/bacula-9.6.7.tar.gz
uscan info: Successfully downloaded package: bacula-9.6.7.tar.gz
uscan info: Downloading OpenPGP signature from:
https://qa.debian.org/watch/sf.php/bacula/bacula-9.6.7.tar.gz.sig
(pgpsigurlmangled)
as bacula-9.6.7.tar.gz.sig
uscan info: Requesting URL:
https://qa.debian.org/watch/sf.php/bacula/bacula-9.6.7.tar.gz.sig
uscan info: Verifying OpenPGP signature ../bacula-9.6.7.tar.gz.sig for
../bacula-9.6.7.tar.gz
gpgv: Signature made Do 10 Dez 2020 14:59:56 CET
gpgv: using RSA key 16FCF91DCBDA197436ACA721CAA7F07F2911863C
gpgv: issuer "k...@bacula.org"
gpgv: Can't check signature: No public key
uscan die: OpenPGP signature did not verify. at
/usr/share/perl5/Devscripts/Uscan/Output.pm line 60.
Grüße,
Sven
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
