Bug#703364: apt-get source should give better suggestion in case debian-keyring is missing

[David Kalnischkies <kalnischkies+debian@gmail.com>]

Control: reassign -1 dpkg-dev 1.16.9
Control: retitle -1 dpkg-source should give better suggestion in case
debian-keyring is missing

On Mon, Mar 18, 2013 at 9:12 PM, Alois Mahdal <Alois.Mahdal@zxcvb.cz> wrote:
> I tried to download a src package using apt-get source.  apt gave me
> following set of warnings:
>
>     $ apt-get source mousepad
>     [...]
>     Fetched 454 kB in 0s (1,050 kB/s)
>     gpgv: keyblock resource `/home/me/.gnupg/trustedkeys.gpg': file open error
>     gpgv: Signature made Sat 30 Jun 2012 05:49:12 PM CEST using RSA key ID 71EF0BA8
>     gpgv: Can't check signature: public key not found
>     dpkg-source: warning: failed to verify signature on ./mousepad_0.2.16-6.dsc
>     [...]
>
> For official sources, this basically means that user should
> download debian-keyring in order to obtain debian-keyring.gpg,
> *not* the path suggested by the warning.
[…snip the rest of the bugreport with suggestions … ]

I think a better hint would be in order here, too, but it is dpkg-source
showing this message and we have no good way to know about that, so I am
reassigning to dpkg-dev for consideration by the dpkg maintainers.
Especially as it is not that unlikely that dpkg-source is used by hand, too.


Best regards

David Kalnischkies