A concrete example is libhtml-parser-perl 3.12-1. The message that was sent to debian-devel-changes <URL:http://lists.debian.org/debian-devel-changes-0009/msg01376.html> was signed by a GPG key with ID 6D85A41E, which is not in the debian keyring. Michael Alan Dorman, the maintainer, has a different key in the ring. (I could not find the key on the keyservers, either.) I was under the impression that uploads require a changes message signed by a key in debian-keyring for them to be accepted. Is this not the case, or was there an oversight somewhere? (please CC me) -- Robbe
Attachment:
signature.ng
Description: PGP signature