Your message dated Mon, 18 Aug 2025 16:06:14 +0000
with message-id <[email protected]>
and subject line Bug#1111266: fixed in python-argon2 25.1.0-2
has caused the Debian Bug report #1111266,
regarding python-argon2 upstream tags no longer signed with a GPG key
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111266: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111266
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:python-argon2
Severity: normal
Control: found -1 25.1.0-1
Upstream appears to have stopped using their GPG key to sign git tags
after the release of 23.1.0, but the package still tries to use that
key to verify new upstream releases. This must have already affected
the recently uploaded 25.1.0, which couldn't possibly have been
successfully verified by uscan against the old GPG key.
Upstream git tags are now signed with some SSH key, and upstream
advertises "artifact attestations" using "GitHub's CLI tool" as a method
to verify released files. I'm not sure if either the SSH key or the
GitHub stuff is somehow supported by uscan; either way, verification
using the GPG key in d/upstream/... no longer works and should be
replaced or removed.
--- End Message ---
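Added example, not part of the original report or of any Debian or upstream tooling: a small check for the mismatch the report describes, flagging tags whose appended signature is not OpenPGP while the watch file still asks uscan for signature verification. The tag objects, the watch file contents, the `example.org` URL, the use of `pgpmode=gittag` and the `pgpmode=none` form of the fix are all constructed assumptions; the option names are those documented in uscan(1).

```python
import re

# Armor lines git appends to the tag message for each signature format.
ARMOR = {
    "-----BEGIN PGP SIGNATURE-----": "openpgp",
    "-----BEGIN SSH SIGNATURE-----": "ssh",
}

def signature_scheme(tag_object: str) -> str:
    """Classify the signature on a raw tag object (`git cat-file tag NAME`)."""
    _headers, _, message = tag_object.partition("\n\n")
    for line in message.splitlines():
        if line in ARMOR:
            return ARMOR[line]
    return "unsigned"

def watch_requests_verification(watch: str) -> bool:
    """True if the watch file asks uscan to check upstream signatures."""
    body = "\n".join(l for l in watch.splitlines()
                     if not l.lstrip().startswith("#"))
    m = re.search(r"pgpmode\s*=\s*(\w+)", body)
    mode = m.group(1) if m else "default"
    if mode == "none":
        return False
    if mode == "default":  # verifies only when a signature URL rule is given
        return "pgpsigurlmangle" in body
    return True

def unverifiable_tags(watch: str, tags: dict) -> list:
    """Tags an OpenPGP keyring cannot verify although the watch file asks for it."""
    if not watch_requests_verification(watch):
        return []
    return [n for n, obj in tags.items() if signature_scheme(obj) != "openpgp"]

def _tag(name: str, armor: str) -> str:
    # Constructed tag object; the signature body is a placeholder.
    return (f"object {'0' * 40}\ntype commit\ntag {name}\n"
            f"tagger Upstream <upstream@example.org> 0 +0000\n\nRelease {name}\n"
            f"-----BEGIN {armor} SIGNATURE-----\nPLACEHOLDER\n"
            f"-----END {armor} SIGNATURE-----\n")

SAMPLE_TAGS = {"23.1.0": _tag("23.1.0", "PGP"), "25.1.0": _tag("25.1.0", "SSH")}
# Assumed watch file before the fix, and one assumed way of disabling the check.
WATCH_BEFORE = ('version=4\nopts="mode=git, pgpmode=gittag" \\\n'
                'https://example.org/upstream.git refs/tags/([\\d.]+)\n')
WATCH_AFTER = WATCH_BEFORE.replace("pgpmode=gittag", "pgpmode=none")

if __name__ == "__main__":
    print(unverifiable_tags(WATCH_BEFORE, SAMPLE_TAGS))  # ['25.1.0']
    print(unverifiable_tags(WATCH_AFTER, SAMPLE_TAGS))   # []
```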
--- Begin Message ---
Source: python-argon2
Source-Version: 25.1.0-2
Done: Carl Keinath <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-argon2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carl Keinath <[email protected]> (supplier of updated python-argon2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 18 Aug 2025 00:14:46 +0200
Source: python-argon2
Built-For-Profiles: noudeb
Architecture: source
Version: 25.1.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Carl Keinath <[email protected]>
Closes: 1111266
Changes:
python-argon2 (25.1.0-2) unstable; urgency=medium
.
* Team upload.
* Upstream stopped signing tags with GPG after 23.1.0.
* d/watch: disabled GPG-key verification (Closes: #1111266).
* d/upstream/signing-key.asc: removed obsolete GPG key.
--- End Message ---