Your message dated Tue, 18 Mar 2008 20:43:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#471186: dscverify: gpg validation fails if signature
was done with a subkey
has caused the Debian Bug report #471186,
regarding [dscverify] Fails work with subkey signatures?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
471186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471186
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: devscripts
Version: 2.10.18.1
Severity: normal
I'm no gpg expert, but imho things are fine here:
0 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ gpg --recv-keys D0428836
gpg: requesting key D0428836 from hkp server pool.sks-keyservers.net
gpg: key 34A26946: "Ying-Chun Liu (PaulLiu) <[EMAIL PROTECTED]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
0 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ dget -x
http://mentors.debian.net/debian/pool/main/g/groundhog/groundhog_1.4-9.dsc
dget: retrieving
[...]
dscverify: groundhog_1.4-9.dsc failed signature check:
gpg: Signature made Sun 09 Mar 2008 08:08:55 PM CET using RSA key ID
D0428836
gpg: Can't check signature: public key not found
Validation FAILED!!
1 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$ gpg --verify
groundhog_1.4-9.dsc
gpg: Signature made Sun 09 Mar 2008 08:08:55 PM CET using RSA key ID D0428836
gpg: Good signature from "Ying-Chun Liu (PaulLiu) <[EMAIL PROTECTED]>"
gpg: aka "Ying-Jiun Liu (PaulLiu) <[EMAIL PROTECTED]>"
gpg: aka "Ying-Chun Liu (PaulLiu) <[EMAIL PROTECTED]>"
gpg: aka "Yiing-Jiunn Liu (Paul Liu) <[EMAIL PROTECTED]>"
gpg: aka "Ying-Jun Liu (PaulLiu *GrandPaul*) <[EMAIL
PROTECTED]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DA06 F3E3 41E9 99EC 18C3 76DD A108 FBC5 34A2 6946
Subkey fingerprint: 631B EEE8 2CF9 A534 D946 45BE F80B 8146 D042 8836
0 [EMAIL PROTECTED]:~/workspace/debian/sponsor/NM$
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24.1 (SMP w/1 CPU core; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages devscripts depends on:
ii debianutils 2.28.4 Miscellaneous utilities specific t
ii dpkg-dev 1.14.16.6 package building tools for Debian
ii libc6 2.7-6 GNU C Library: Shared libraries
ii perl 5.8.8-12 Larry Wall's Practical Extraction
ii sed 4.1.5-6 The GNU sed stream editor
Versions of packages devscripts recommends:
ii fakeroot 1.9.3 Gives a fake root environment
-- no debconf information
--- End Message ---
--- Begin Message ---
On Tue, 2008-03-18 at 20:13 +0100, Bernd Zeimetz wrote:
> > If so then the behaviour you're seeing is "by design"; see #469246 for a
> > request to make dget's handling of signatures more configurable.
>
> Yeah, then it's indeed by design. I never hit the problem that dget
> failed due to an unverified gpg key, so I assumed that the problem was
> the result of a subkey signature.
Thanks for confirming; closing.
Regards,
Adam
--- End Message ---
