reopen 497825 thanks Daniel Leidert schrieb am Donnerstag, dem 17. Juni 2010:
> This report misses the requested information for more than a year. We > are still not able to reproduce a difference in the behavior gpgv and > gpg. | wea...@intrepid:~/tmp$ wget -nv http://snapshot.debian.org/archive/debian-volatile/20090903T013716Z/dists/etch/volatile/Release{.gpg,} | 2010-06-17 20:09:56 URL:http://snapshot.debian.org/archive/debian-volatile/20090903T013716Z/dists/etch/volatile/Release.gpg [189/189] -> "Release.gpg" [1] | 2010-06-17 20:09:57 URL:http://snapshot.debian.org/archive/debian-volatile/20090903T013716Z/dists/etch/volatile/Release [40688/40688] -> "Release" [1] | FINISHED --2010-06-17 20:09:57-- | Downloaded: 2 files, 40K in 0s (76139 GB/s) | wea...@intrepid:~/tmp$ mkdir gnupghome | wea...@intrepid:~/tmp$ export GNUPGHOME=gnupghome | wea...@intrepid:~/tmp$ chmod go-rwx gnupghome | wea...@intrepid:~/tmp$ gpg | gpg: keyring `gnupghome/secring.gpg' created | gpg: keyring `gnupghome/pubring.gpg' created | gpg: Go ahead and type your message ... | ^C | gpg: Interrupt caught ... exiting | | wea...@intrepid:~/tmp$ gpg --keyserver keys.gnupg.net --recv BBE55AB3 | gpg: requesting key BBE55AB3 from hkp server keys.gnupg.net | gpg: gnupghome/trustdb.gpg: trustdb created | gpg: key BBE55AB3: public key "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" imported | gpg: no ultimately trusted keys found | gpg: Total number processed: 1 | gpg: imported: 1 | wea...@intrepid:~/tmp$ | wea...@intrepid:~/tmp$ gpg --list-key BBE55AB3 | pub 1024D/BBE55AB3 2007-03-31 [expired: 2010-03-30] | uid Debian-Volatile Archive Automatic Signing Key (4.0/etch) | | wea...@intrepid:~/tmp$ cp gnupghome/pubring.gpg gnupghome/trustedkeys.gpg | wea...@intrepid:~/tmp$ | wea...@intrepid:~/tmp$ | wea...@intrepid:~/tmp$ gpg --status-fd 2 --verify Release.gpg Release | gpg: Signature made Thu Sep 3 03:35:17 2009 CEST using DSA key ID BBE55AB3 | [GNUPG:] KEYEXPIRED 1269969909 | [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead | [GNUPG:] KEYEXPIRED 1269969909 | [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead | [GNUPG:] SIG_ID PloukF3ViGb7cZ/IkkSl6SbbY1g 2009-09-03 1251941717 | [GNUPG:] KEYEXPIRED 1269969909 | [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead | [GNUPG:] EXPKEYSIG EC61E0B0BBE55AB3 Debian-Volatile Archive Automatic Signing Key (4.0/etch) | gpg: Good signature from "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" | [GNUPG:] VALIDSIG 6039406A4EDCE124CF087B0AEC61E0B0BBE55AB3 2009-09-03 1251941717 0 3 0 17 2 00 6039406A4EDCE124CF087B0AEC61E0B0BBE55AB3 | gpg: Note: This key has expired! | Primary key fingerprint: 6039 406A 4EDC E124 CF08 7B0A EC61 E0B0 BBE5 5AB3 no GOODSIG -> signature is not valid. | wea...@intrepid:~/tmp$ gpgv Release.gpg Release | gpgv: Signature made Thu Sep 3 03:35:17 2009 CEST using DSA key ID BBE55AB3 | gpgv: Good signature from "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" | wea...@intrepid:~/tmp$ echo $? | 0 exit code 0 -> signature is valid. At the risk of repeating myself, this means that gpg and gpgv disagree on what is a valid signature. This is gnupg and gpgv both at version 1.4.10-2~bpo50+1. -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
