Re: why are improperly signed uploads accepted?
On Sun, Sep 17, 2000 at 01:05:53PM +0200, Robert Bihlmeyer wrote:
> A concrete example is libhtml-parser-perl 3.12-1. The message
> that was sent to debian-devel-changes
> <URL:http://lists.debian.org/debian-devel-changes-0009/msg01376.html>
> was signed by a GPG key with ID 6D85A41E, which is not in the debian
> keyring. Michael Alan Dorman, the maintainer, has a different key in
> the ring. (I could not find the key on the keyservers, either.)
>
> I was under the impression that uploads require a changes message
> signed by a key in debian-keyring for them to be accepted. Is this not
> the case, or was there an oversight somewhere?
[bcollins@auric(7:23am)-~]%gpg --list-keys --keyring /org/keyring.debian.org/keyrings/debian-keyring.gpg --keyring /org/keyring.debian.org/keyrings/debian-keyring.pgp | grep 6D85A41E
pub 1024D/6D85A41E 2000-08-22 Michael Alan Dorman <mdorman@mallet-assembly.org>
Don't go by the debian-keyring package. It's not as up-to-date as the one
that dinstall uses.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: