On Mon, 2020-08-03 at 17:40 +0200, F!nTcH wrote: > I would like to share my observations and ask you if there is > something wrong about key used to sign the Buster Debian Archive, or > if I missed something in all explanations I've read all around the > Internet. > > But, if I do the same with Buster, it fails ! [...] > gpgv: avec la clef RSA > 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500 > gpgv: issuer "[email protected]" > gpgv: Impossible de vérifier la signature : Pas de clef publique > > The last key seems wrong. We have good signature for Stretch > Automatic and Buster Automatic but not for Buster Stable. A quick > look shows up that the missing key is in fact Stretch Stable, > according to fingerprint.
Oops. Thanks for bringing this to our attention. You are correct that the SRM signature should be from the buster key. We're working with ftp-master to get an additional signature added that uses that key. (So 10.5's release files will have 4 signatures rather than the usual 3.) Regards, Adam
