On 09-Jul-2009, Ben Finney wrote: > What is the correct solution to this bug? > > I don't know what are the ongoing effects of my key in the > ‘debian-maintainers’ keyring having expired, but the solution is not > to have the key owner endlessly generating special keys only for > this one package every time the key is updated.
My package uploads to ‘ftp.upload.debian.org’ are now failing with the following error message: ===== Date: Sat, 04 Jul 2009 23:41:31 +0000 From: Archive Administrator <[email protected]> Subject: Processing of python-coverage_3.0-1_source.changes To: [email protected] Message-Id: <[email protected]> Sender: Archive Administrator <[email protected]> GnuPG signature check failed on python-coverage_3.0-1_source.changes gpg: Signature made Sat Jul 4 23:07:05 2009 UTC using DSA key ID 7D1A1B79 gpg: Can't check signature: public key not found (Exit status 2) /python-coverage_3.0-1_source.changes has bad PGP/GnuPG signature! Removing /python-coverage_3.0-1_source.changes, but keeping its associated files for now. ===== Presumably this is because the ‘debian-maintainers’ keyring does not have a valid key. > Instead, I should be able to send my updated key *as is* to the > keyring, and have it accepted and processed correctly. How can this > be achieved? Aníbal suggests this will need effort from ftpmasters, > but I don't know what needs to be done or what package the bug > should be against. How do we address this so that I don't need to keep generating a just-for-Debian version of my key, and can instead update the keyring with the same key that works everywhere else? -- \ “You say “Carmina”, and I say “Burana”, You say “Fortuna”, and | `\ I say “cantata”, Carmina, Burana, Fortuna, cantata, Let's Carl | _o__) the whole thing Orff.” —anonymous | Ben Finney <[email protected]>
signature.asc
Description: Digital signature
