Re: Question about Debian archive signing keys
On Mon, 2020-08-03 at 17:40 +0200, F!nTcH wrote:
> I would like to share my observations and ask you if there is
> something wrong about key used to sign the Buster Debian Archive, or
> if I missed something in all explanations I've read all around the
> Internet.
>
> But, if I do the same with Buster, it fails !
[...]
> gpgv: avec la clef RSA
> 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500
> gpgv: issuer "debian-release@lists.debian.org"
> gpgv: Impossible de vérifier la signature : Pas de clef publique
>
> The last key seems wrong. We have good signature for Stretch
> Automatic and Buster Automatic but not for Buster Stable. A quick
> look shows up that the missing key is in fact Stretch Stable,
> according to fingerprint.
Oops. Thanks for bringing this to our attention.
You are correct that the SRM signature should be from the buster key.
We're working with ftp-master to get an additional signature added that
uses that key. (So 10.5's release files will have 4 signatures rather
than the usual 3.)
Regards,
Adam
Reply to: