* Ritesh Raj Sarraf <r...@debian.org> [250317 11:08]:
I've managed to prepare a fix for this issue. But am having some issues
with the upload.
Possibly, something recent with how keys are managed.
@ dupload bpfcc_0.31.0+ds-5_source.changes
dupload note: no announcement will be sent.
Checking OpenPGP signatures on bpfcc_0.31.0+ds-5_source.changes...
Using keyring: /usr/share/keyrings/debian-keyring.gpg
Using keyring: /usr/share/keyrings/debian-nonupload.gpg
Using keyring: /usr/share/keyrings/debian-maintainers.gpg
Signing key on 43DEF582F9E67111CE008917F2F11C23F00A2BE6 is not bound:
Error: Policy rejected non-revocation signature (SubkeyBinding) requiring
second pre-image resistance
because: SHA1 is not considered secure since 2023-02-01T00:00:00Z
0 authenticated signatures, 1 bad key.
Error: Verification failed: could not authenticate any signatures
openpgp-check: error: cannot verify OpenPGP signature for
bpfcc_0.31.0+ds-5_source.changes: no acceptable signature found
dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for
bpfcc_0.31.0+ds-5_source.changes
and
@ dput bpfcc_0.31.0+ds-5_source.changes
Uploading bpfcc using ftp to ftp-master (host: ftp.upload.debian.org;
directory: /pub/UploadQueue/)
running allowed-distribution: check whether a local profile permits uploads to
the target distribution
running protected-distribution: warn before uploading to distributions where a
special policy applies
running checksum: verify checksums before uploading
running suite-mismatch: check the target distribution for common errors
running gpg: check GnuPG signatures before the upload
Uploading bpfcc_0.31.0+ds-5.dsc
Could not upload file bpfcc_0.31.0+ds-5.dsc: 229 Extended Passive Mode Entered
(|||65245|).
I'll try figure out the reason of this failure. Just wanted to keep you
informed that the issue is being taken care of.
You might be workaround this by using an older dupload/dput, which
still uses gpg, or maybe by changing the crypto policy [1].
There might also be a possibility to update your key to use a
stronger hash (using sqv). However I don't know what effect this has
on your key in the Debian ecosystem.
Chris
[1] https://unix.stackexchange.com/a/789406
