Re: Understand Debian Keyring
On January 5, 2020 12:34:53 PM EST, Wookey <wookey@wookware.org> wrote:
>On 2020-01-05 10:01 -0500, Tong Sun wrote:
>> Now, before I redo the upload (and get it stuck again), let me try to
>> understand the situation --
>>
>> The reason it was stuck might be because my key was *considered*
>> expired. The problem is, I renewed it two or three weeks ago, and sent
>> it to pgp &
>> Ubuntu key servers.
>>
>> The mentors.debian.net accepted my (renewed) key, but ftp-master
>> didn't. Might that my key on ftp-master.debian.org is somehow not
>> refreshed? Anyway, I tried to fix the issue by refreshing my key to
>> keyring.debian.org. However, on reading https://keyring.debian.org/, I
>> stated to wonder that if it good enough *now*:
>>
>> > We will include your changed key in our next keyring push (which happens approx. monthly).
>>
>> What does it really mean? Shall I need to wait a month before uploading again?
>
>One thing is check that you are signing the packages with the new key
>and not the old one (not sure if 'renewing' counts as a new key or
>not?). If both are around (gpg -K will show available secret keys),
>it's very easy to sign with the wrong one, and then ftp-master quietly
>throws away your packages without telling you.
>
>I know this because I've had this problem for some time (my machine
>defaults to using the wrong key despite having default-key set in
>.gnupg/gpg.conf so I have to sign with an expicit key (debsign -k)).
>
>Wookey
He said his key was expired, so in this context renewing his key means bumping the expiration date. That won't be a problem
Reply to: