Your message dated Wed, 05 Aug 2009 10:40:43 +0200
with message-id <[email protected]>
and subject line Re: Bug#539701: keyring.d.o updates do not make it to
ftp-master, package uploads rejected
has caused the Debian Bug report #539701,
regarding keyring.d.o updates do not make it to ftp-master, package uploads
rejected
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
539701: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539701
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ftp.debian.org
Severity: normal
about three weeks ago i've realized that i didn't send my
subkey-expiry-updated key 42BD645D to keyring.d.o, just to subkeys.pgp.net
(from where it apparently doesn't make it onto keyring.d.o).
i've corrected this mistake more than a week ago, and keyring serves
the updated key.
however, ftp-master (and merkel) still have the old key and therefore
refuse to process my package uploads.
a...@merkel:~$ cat /srv/ftp.debian.org/queue/reject/duplicity_0.6.03-2_i386.reason
Rejected: Signature made by expired key 0xA72FF66C42BD645D
Rejected: The key used to sign duplicity_0.6.03-2_i386.changes has expired on 2009-06-18
(where does that old key come from? i have no idea, the
timestamp on /var/lib/misc/thishost/debian-keyring.gpg is current but the
content isn't.)
regards
az
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (990, 'stable'), (980, 'testing'), (970, 'unstable')
Architecture: i386 (i686)
--- End Message ---
--- Begin Message ---
>>You have to talk to keyring-maint. Importing key changes into the
>>official keyring is not done automagically. It is also nothing ftpmaster
>>can do.
> you misunderstood me: dak on ftp-master does not use the
> official keyring package,
I didn't say we use the package. We use the official keyring. We use
whatever keyring-maint provides DSA to put on all .debian.org machines.
> as far as i know we're still expected to handle key expiration updates
> by gpg-send-key'ing them to keyring.d.o, which i did
Yes.
> - but which dak ignores.
No. Which keyring-maint has to accept before they are put into the keyring.
> very different files indeed, so the debian-keyring package has nothing
> to do with what dak uses.
I never said we use the package.
> sub 1600g/2C25A9D4 2001-12-09 [expired: 2009-06-18]
> ^^^^^ and what dak uses is outdated.
Nothing I can do for you.
> a...@merkel:~$ gpg --recv-key --keyserver keyring.debian.org 42BD645D
> gpg: requesting key 42BD645D from hkp server keyring.debian.org
> gpg: key 42BD645D: public key "Alexander Zangerl <[email protected]>" imported
> a...@merkel:~$ gpg --list-keys -v 42BD645D
> sub 1600g/2C25A9D4 2001-12-09 [expires: 2011-08-03]
> ^^^^^ and that is what keyring.debian.org says.
Where the public view shows you the updated keyring, but before those
changes make it into the officially distributed one, keyring-maint has
to do a manual step.
--
bye, Joerg
--- End Message ---