On Tue, Apr 28, 2015 at 08:07:54AM +1000, J wrote: > With the release of Jessie, this bug has recurred. > > Jonathan McDowell <[email protected]> wrote: > > I don't believe it's appropriate to do a keyring update to stable for > > this; by the nature of PGP the keyring package will never be up-to-date > > Probably true, although it should not be too much effort to update > debian-keyring once when each release comes out, or just before. > > > the keyserver network provides a well established method of obtaining it > > The key is currently reported as not on the keyserver: > > $ gpg --keyserver keyring.debian.org --recv-keys 6294BE9B > gpg: requesting key 6294BE9B from hkp server keyring.debian.org > gpgkeys: key 6294BE9B not found on keyserver > gpg: no valid OpenPGP data found. > gpg: Total number processed: 0 > > So currently there does not appear to be any way to verify the > SHA256SUMS file, even though the role keys were recently updated: > > $ ls -la /usr/share/keyrings/debian-role-keys.gpg > -rw-r--r-- 1 root root 180084 Apr 10 19:07 > /usr/share/keyrings/debian-role-keys.gpg > > Could somebody please update the debian-keyring to include whatever key > was used to sign the CDs this time around?
The Debian role keys are not served up by keyring.debian.org; if you want to obtain the key from a keyserver use the normal keyserver network. 0xDA87E80D6294BE9B is correctly in the debian-role-keys.gpg file provided by debian-keyring in jessie and later. J. -- Web [ Wake up, wake up dead man. ] site: http:// [ ] Made by www.earth.li/~noodles/ [ ] HuggieTag 0.0.24
signature.asc
Description: Digital signature
