Hi there, Here is what I see when I try to update libkcapi upstream package (Debian/buster):
$ uscan --verbose --force-download --rename [...] uscan info: Downloading OpenPGP signature from http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc (pgpsigurlmangled) as libkcapi-1.1.5.tar.xz.asc uscan info: Requesting URL: http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc uscan info: Verifying OpenPGP signature ../libkcapi-1.1.5.tar.xz.asc for ../libkcapi-1.1.5.tar.xz uscan info: Execute: gpgv --homedir /dev/null --keyring /tmp/VZrTWy04zw/trustedkeys.gpg ../libkcapi-1.1.5.tar.xz.asc ../libkcapi-1.1.5.tar.xz... gpgv: Signature made Wed 31 Jul 2019 10:01:53 AM CEST gpgv: using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B gpgv: Can't check signature: No public key uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 58. Indeed there something that has changed with gpg: $ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz.asc $ wget http://www.chronox.de/libkcapi/libkcapi-1.1.5.tar.xz $ gpg --verify libkcapi-1.1.5.tar.xz.asc gpg: assuming signed data in 'libkcapi-1.1.5.tar.xz' gpg: Signature made Wed 31 Jul 2019 10:01:53 AM CEST gpg: using RSA key 3BCC43D4D2C87D1784B69EE4421EE936326AC15B gpg: Can't check signature: No public key $ gpg --show-key libkcapi-1.1.5.tar.xz.asc gpg: no valid OpenPGP data found. Where: $ file libkcapi-1.1.5.tar.xz.asc libkcapi-1.1.5.tar.xz.asc: PGP signature Signature (old) I have not been able to find much help from the uscan documentation: https://wiki.debian.org/debian/watch#pgpsigurlmangle What did I miss ? Thanks for pointers, -M
