why are improperly signed uploads accepted?

To: debian-devel@lists.debian.org
Subject: why are improperly signed uploads accepted?
From: Robert Bihlmeyer <robbe@orcus.priv.at>
Date: 17 Sep 2000 13:05:53 +0200
Message-id: <[🔎] 87bsxns2ge.fsf@hoss.orcus.priv.at>

A concrete example is libhtml-parser-perl 3.12-1. The message
that was sent to debian-devel-changes
<URL:http://lists.debian.org/debian-devel-changes-0009/msg01376.html>
was signed by a GPG key with ID 6D85A41E, which is not in the debian
keyring. Michael Alan Dorman, the maintainer, has a different key in
the ring. (I could not find the key on the keyservers, either.)

I was under the impression that uploads require a changes message
signed by a key in debian-keyring for them to be accepted. Is this not
the case, or was there an oversight somewhere?

(please CC me)
-- 
Robbe

Attachment: signature.ng
Description: PGP signature

Reply to:

Follow-Ups:
- Re: why are improperly signed uploads accepted?
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: join us!
Next by Date: Re: why are improperly signed uploads accepted?
Previous by thread: Re: CVS apt 0.4.0
Next by thread: Re: why are improperly signed uploads accepted?
Index(es):
- Date
- Thread