With the release of Jessie, this bug has recurred. Jonathan McDowell <[email protected]> wrote: > I don't believe it's appropriate to do a keyring update to stable for > this; by the nature of PGP the keyring package will never be up-to-date
Probably true, although it should not be too much effort to update debian-keyring once when each release comes out, or just before. > the keyserver network provides a well established method of obtaining it The key is currently reported as not on the keyserver: $ gpg --keyserver keyring.debian.org --recv-keys 6294BE9B gpg: requesting key 6294BE9B from hkp server keyring.debian.org gpgkeys: key 6294BE9B not found on keyserver gpg: no valid OpenPGP data found. gpg: Total number processed: 0 So currently there does not appear to be any way to verify the SHA256SUMS file, even though the role keys were recently updated: $ ls -la /usr/share/keyrings/debian-role-keys.gpg -rw-r--r-- 1 root root 180084 Apr 10 19:07 /usr/share/keyrings/debian-role-keys.gpg Could somebody please update the debian-keyring to include whatever key was used to sign the CDs this time around? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
