Bug#703364: apt-get source should give better suggestion in case debian-keyring is missing
Control: reassign -1 dpkg-dev 1.16.9
Control: retitle -1 dpkg-source should give better suggestion in case
debian-keyring is missing
On Mon, Mar 18, 2013 at 9:12 PM, Alois Mahdal <Alois.Mahdal@zxcvb.cz> wrote:
> I tried to download a src package using apt-get source. apt gave me
> following set of warnings:
>
> $ apt-get source mousepad
> [...]
> Fetched 454 kB in 0s (1,050 kB/s)
> gpgv: keyblock resource `/home/me/.gnupg/trustedkeys.gpg': file open error
> gpgv: Signature made Sat 30 Jun 2012 05:49:12 PM CEST using RSA key ID 71EF0BA8
> gpgv: Can't check signature: public key not found
> dpkg-source: warning: failed to verify signature on ./mousepad_0.2.16-6.dsc
> [...]
>
> For official sources, this basically means that user should
> download debian-keyring in order to obtain debian-keyring.gpg,
> *not* the path suggested by the warning.
[…snip the rest of the bugreport with suggestions … ]
I think a better hint would be in order here, too, but it is dpkg-source
showing this message and we have no good way to know about that, so I am
reassigning to dpkg-dev for consideration by the dpkg maintainers.
Especially as it is not that unlikely that dpkg-source is used by hand, too.
Best regards
David Kalnischkies
Reply to: