Hi,
On 18/02/2021 12:04, Holger Levsen wrote:
On Thu, Feb 18, 2021 at 10:34:57AM +0100, Sylvain Beucler wrote:
Let's wait a bit more to understand what exactly is blocking.
I've went ahead and uploaded your upload (after confirming sigs and debdiff..)
because researching the past (and present) is not really related to getting this
security fix uploaded.
For the record, I only suggested waiting because this was a non-urgent
upload (i.e. a batch of medium CVEs that had piled up) :)
Thanks again for sponsoring the upload promptly.
In addition I exported my GPG key/sigs there, and it's also available at
db.debian.org/keyring.debian.org :)
can you upload to unstable with that key?
Still for the record, Raphaƫl suggested checking the various boxes that
import the keyring (I found that quantz does), so as to check a similar
setup to security-master's, e.g.
$ gpg --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \
--list-keys EE887356CD2F16A0
https://keyring.debian.org/ also has information about the current state
of the keyring (which is different than the hkp server's):
- https://salsa.debian.org/debian-keyring/keyring/
- rsync -av keyring.debian.org::keyrings/ keyrings/
In this particular case, the initial key import was done without renewal
signatures (hence expired). I contacted the keyring team twice meanwhile
but got no answer. AFAICS this is eventually fixed with yesterday's
monthly hkp sync.
Cheers!
Sylvain