On Mon, Feb 26, 2018 at 11:20:58PM +0100, Sven Wick wrote:
> On 02/26/2018 08:36 PM, Mattia Rizzolo wrote:
> >
> > > > Also, what you uploaded as recutils_1.7.orig.tar.gz.asc is not not a
> > > > detached signature (as it should be), but a public key export.
> > This is still not correct.
> >
>
> Better now?
Yes!
mattia@warren ~/devel/debian/RFS/recutils % gpg --homedir gpg --verify recutils_1.7.orig.tar.gz.asc
gpg: assuming signed data in 'recutils_1.7.orig.tar.gz'
gpg: Signature made Tue 25 Mar 2014 12:09:36 AM CET
gpg: using RSA key 3EF90523B304AF08
gpg: Good signature from "Jose E. Marchesi <jemarch@gnu.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDFA 5717 FC1D D35C 2C38 32A2 3EF9 0523 B304 AF08
:)
(`--homedir gpg` where 'gpg' is a directory with a keyring containing
only the key I found in debian/upstream/signing-key.asc).
And uploaded!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature