On Sun, 2008-03-16 at 15:34 +0100, Bernd Zeimetz wrote: > I'm no gpg expert, but imho things are fine here: > > 0 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ gpg --recv-keys D0428836 [...] > 0 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ dget -x > http://mentors.debian.net/debian/pool/main/g/groundhog/groundhog_1.4-9.dsc > dget: retrieving [...] > dscverify: groundhog_1.4-9.dsc failed signature check: > gpg: Signature made Sun 09 Mar 2008 08:08:55 PM CET using RSA key ID > D0428836 > gpg: Can't check signature: public key not found > Validation FAILED!! > 1 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ gpg --verify > groundhog_1.4-9.dsc > gpg: Signature made Sun 09 Mar 2008 08:08:55 PM CET using RSA key ID D0428836
dscverify by default only uses the Debian DD and DM keyrings (as distributed in the debian-keyring and debian-maintainer packages) for verification, so it won't find keys that exist only in your personal keyring. If you add "DSCVERIFY_KEYRINGS=~/.gnupg/pubring.gpg" to ~/.devscripts does dget then succeed? If so then the behaviour you're seeing is "by design"; see #469246 for a request to make dget's handling of signatures more configurable. Regards, Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]