On Sat 2020-09-05 17:09:06 +0200, Guillem Jover wrote: > I was trying out sqv, to potentially add native support for it into > dpkg-dev, but either it does not work as expected or I'm confused by > the docs. :) > > $ apt source libbsd > $ sqv -v --keyring libbsd-0.10.0/debian/upstream/signing-key.asc \ > libbsd_0.10.0.orig.tar.xz.asc libbsd_0.10.0.orig.tar.xz > Missing key 4F3E74F436050C10F5696574B972BF3EA4AE57A3, which is needed to > verify signature. > 0 of 1 signatures are valid (threshold is: 1). > $ sqv -v --keyring /usr/share/keyrings/debian-keyring.gpg \ > libbsd_0.10.0.orig.tar.xz.asc libbsd_0.10.0.orig.tar.xz > 4F3E74F436050C10F5696574B972BF3EA4AE57A3 > 1 of 1 signatures are valid (threshold is: 1).
I forwarded this to upstream at https://gitlab.com/sequoia-pgp/sequoia/-/issues/585, and Justus there suggests that the problem is that the OpenPGP certificate in libbsd-0.10.0/debian/upstream/signing-key.asc is not up-to-date. With a refreshed version of the certificate, it appears to work. So i don't think this is a bug in sqv, and i'm closing the ticket. Feel free to reopen if you think that there is still a problem! --dkg
signature.asc
Description: PGP signature
