On Wed, Jan 21, 2026 at 02:58:36PM -0500, Thomas Dickey wrote: > On Wed, Jan 21, 2026 at 07:12:31PM +0100, Sven Joachim wrote: > > On 2026-01-20 14:58 -0500, Thomas Dickey wrote: > > > > > Now I updated > > > > > > https://invisible-island.net/public/[email protected] > > > > > > from the file which I generated on Saturday. > > > > Thanks. Unfortunately I ran into a new problem with this key, the sqv > > tool (which dpkg-source uses by default) complains about existing > > signatures: > > > > ,---- > > | $ wget -q > > https://invisible-mirror.net/archives/ncurses/current/tack-1.11-20251210.tgz > > | $ wget -q > > https://invisible-mirror.net/archives/ncurses/current/tack-1.11-20251210.tgz.asc > > | $ wget -q > > https://invisible-mirror.net/public/[email protected] > > > > | $ LANG=C sqv --keyring [email protected] > > tack-1.11-20251210.tgz.asc tack-1.11-20251210.tgz > > | Signing key on 19882D92DDA4C400C22C0D56CC2AF4472167BE03 is not bound: > > | No binding signature at time 2025-12-11T01:25:41Z > > | because: No binding signature at time 2025-12-11T01:25:41Z > > | $ echo $? > > | 1 > > `---- > > > > When I merge the expired key and the new one with "sq keyring merge", > > the complaints stop. > > > > Apparently this problem does not show up with gpg instead of sq/sqv, any > > ideas? > > no - I'm not familiar with sqv. Any clues would help. I'll read about it, > but as usual, there are distractions...
I suppose gpg is able to see that the renewed key is a continuation of the expired key, but sq/sqv does not do that. Looking for differences/incompatibilities, I don't see much - https://forums.kicksecure.com/t/sequoia-pgp-gpg-replacement-openpgp/260/6 (presumably if I made another snapshot and signed that with the renewed key, sq/sqv would work) -- Thomas E. Dickey <[email protected]> https://invisible-island.net
signature.asc
Description: PGP signature
