Public bug reported:

Binary package hint: dpkg-dev

Package: dpkg-dev
Version: 1.14.20ubuntu6.1
Description:    Ubuntu 8.10

The changelog for dpkg-dev contains this item:
dpkg (1.14.20ubuntu5) intrepid; urgency=low

  * scripts/Dpkg/Source/Package.pm: Point gpg at
    /usr/share/keyrings/ubuntu-archive-keyring.gpg if it exists.

and indeed, that's what the package does. Unfortunately, source packages
are not (usually? ever?) signed by the archive, so this results in
dpkg-source not finding the key.

c...@sphinx:~$ apt-get source coreutils
[...]
gpg: Signature made Thu 26 Jun 2008 08:23:34 PM EDT using DSA key ID 29982E5A
gpg: Can't check signature: public key not found

c...@sphinx:~$ gpg -q --verify --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --keyring /usr/share/keyrings/debian-keyring.gpg coreutils_6.10-6ubuntu1.dsc
gpg: Signature made Thu 26 Jun 2008 08:23:34 PM EDT using DSA key ID 29982E5A
gpg: Good signature from "Steve Langasek <[email protected]>"

I believe this change should be reverted, or possibly modified to
include both keyrings if they are present, if that makes sense.

** Affects: dpkg (Ubuntu)
     Importance: Undecided
         Status: New

-- 
dpkg-source uses wrong keyring
https://bugs.launchpad.net/bugs/344065
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
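
The report's suggestion of using both keyrings when they are present, sketched as an added shell example (not code from dpkg or from the reporter). It calls gpgv instead of the gpg command shown in the report, so only the listed keyrings are consulted and not the user's default keyring. The DSC_KEYRINGS variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not dpkg-source's own logic.
# Candidate keyrings: the two paths quoted in the report. DSC_KEYRINGS is a
# hypothetical override; paths are space-separated and must not contain spaces.
DSC_KEYRINGS="${DSC_KEYRINGS:-/usr/share/keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings/debian-keyring.gpg}"

# Print "--keyring" and the path, one per line, for every candidate keyring
# that exists and is readable. Missing keyrings are skipped silently.
keyring_args() {
    for k in $DSC_KEYRINGS; do
        if [ -r "$k" ]; then
            printf '%s\n%s\n' --keyring "$k"
        fi
    done
    return 0
}

# verify_dsc FILE
#   0     good signature from a key in one of the keyrings
#   2     no candidate keyring is installed, nothing to verify against
#   3     gpgv is not installed
#   other gpgv failure (bad signature, or signer's key not in any keyring)
verify_dsc() {
    dsc=$1
    args=$(keyring_args)
    if [ -z "$args" ]; then
        echo "no keyring found; cannot verify $dsc" >&2
        return 2
    fi
    if ! command -v gpgv >/dev/null 2>&1; then
        echo "gpgv not installed; cannot verify $dsc" >&2
        return 3
    fi
    # Word splitting of $args is intentional here.
    gpgv $args "$dsc"
}

# Usage: verify_dsc coreutils_6.10-6ubuntu1.dsc
```

Returning a distinct status when no keyring is installed keeps "not verified" separate from "verification failed", which the single "public key not found" message in the report does not.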
