Package: sqopv
Version: 0.37.2-2
Severity: important

With sqopv installed, uscan fails to verify some signed Git tags for
which the signature is accepted by gpgv and rsopv.

For example, using the attached files:

$ gpg --dearmor < keyring.asc > keyring.pgp
$ gpgv --keyring ./keyring.pgp signature plaintext
gpgv: Signature made Fri 08 Aug 2025 14:09:09 CEST
gpgv:                using RSA key 4CDE8575E547BF835FE15807A31B6BD72486CFD6
gpgv: Good signature from "Josh Boyer <[email protected]>"
gpgv:                 aka "Josh Boyer <[email protected]>"
gpgv:                 aka "Josh Boyer <[email protected]>"
gpgv:                 aka "Josh Boyer <[email protected]>"
$ rsopv verify signature keyring.asc < plaintext
2025-08-08T12:09:09Z 4cde8575e547bf835fe15807a31b6bd72486cfd6 
4cde8575e547bf835fe15807a31b6bd72486cfd6 mode:binary {"signers":["keyring.asc"]}
$ sqopv verify signature keyring.asc < plaintext
           No acceptable signatures found

Ben.

-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.16.11+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sqopv depends on:
ii  libbz2-1.0      1.0.8-6
ii  libc6           2.41-12
ii  libgcc-s1       15.2.0-4
ii  libgmp10        2:6.3.0+dfsg-5
ii  libhogweed6t64  3.10.2-1
ii  libnettle8t64   3.10.2-1
ii  libsqlite3-0    3.46.1-8

Versions of packages sqopv recommends:
ii  sopv-doc  1.1.1-1

sqopv suggests no packages.

-- debconf-show failed

Attachment: keyring.asc
Description: application/pgp-keys

object 1ce2da4d7b91140cc3ac8698747fddb677cdf91a
type commit
tag 20250808
tagger Josh Boyer <[email protected]> 1754654941 -0400

This is the 20250808 release

Attachment: signature
Description: PGP signature

Reply via email to