Hi, On 18/02/2021 12:04, Holger Levsen wrote:
On Thu, Feb 18, 2021 at 10:34:57AM +0100, Sylvain Beucler wrote:Let's wait a bit more to understand what exactly is blocking.I've went ahead and uploaded your upload (after confirming sigs and debdiff..) because researching the past (and present) is not really related to getting this security fix uploaded.
For the record, I only suggested waiting because this was a non-urgent upload (i.e. a batch of medium CVEs that had piled up) :)
Thanks again for sponsoring the upload promptly.
In addition I exported my GPG key/sigs there, and it's also available at db.debian.org/keyring.debian.org :)can you upload to unstable with that key?
Still for the record, Raphaël suggested checking the various boxes that import the keyring (I found that quantz does), so as to check a similar setup to security-master's, e.g.
$ gpg --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \ --list-keys EE887356CD2F16A0https://keyring.debian.org/ also has information about the current state of the keyring (which is different than the hkp server's):
- https://salsa.debian.org/debian-keyring/keyring/ - rsync -av keyring.debian.org::keyrings/ keyrings/In this particular case, the initial key import was done without renewal signatures (hence expired). I contacted the keyring team twice meanwhile but got no answer. AFAICS this is eventually fixed with yesterday's monthly hkp sync.
Cheers! Sylvain