Package: sqopv Version: 0.37.2-2 Severity: important With sqopv installed, uscan fails to verify some signed Git tags for which the signature is accepted by gpgv and rsopv.
For example, using the attached files: $ gpg --dearmor < keyring.asc > keyring.pgp $ gpgv --keyring ./keyring.pgp signature plaintext gpgv: Signature made Fri 08 Aug 2025 14:09:09 CEST gpgv: using RSA key 4CDE8575E547BF835FE15807A31B6BD72486CFD6 gpgv: Good signature from "Josh Boyer <[email protected]>" gpgv: aka "Josh Boyer <[email protected]>" gpgv: aka "Josh Boyer <[email protected]>" gpgv: aka "Josh Boyer <[email protected]>" $ rsopv verify signature keyring.asc < plaintext 2025-08-08T12:09:09Z 4cde8575e547bf835fe15807a31b6bd72486cfd6 4cde8575e547bf835fe15807a31b6bd72486cfd6 mode:binary {"signers":["keyring.asc"]} $ sqopv verify signature keyring.asc < plaintext No acceptable signatures found Ben. -- System Information: Debian Release: forky/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 6.16.11+deb14-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages sqopv depends on: ii libbz2-1.0 1.0.8-6 ii libc6 2.41-12 ii libgcc-s1 15.2.0-4 ii libgmp10 2:6.3.0+dfsg-5 ii libhogweed6t64 3.10.2-1 ii libnettle8t64 3.10.2-1 ii libsqlite3-0 3.46.1-8 Versions of packages sqopv recommends: ii sopv-doc 1.1.1-1 sqopv suggests no packages. -- debconf-show failed
keyring.asc
Description: application/pgp-keys
object 1ce2da4d7b91140cc3ac8698747fddb677cdf91a type commit tag 20250808 tagger Josh Boyer <[email protected]> 1754654941 -0400 This is the 20250808 release
signature
Description: PGP signature
