GNU bug report logs -
#70003
29.2; persist on elpa is missing EDDSA public key
Previous Next
Full log
Message #11 received at 70003 <at> debbugs.gnu.org (full text, mbox):
Xiyue Deng <manphiz <at> gmail.com> writes:
> When preparing the latest persist for Debian packaging, we notice that
> one of the EDDSA signing key is missing. The output of the command
> Debian uses the check and import the latest version is as follow:
>
> ,----
> | $ gbp import-orig --uscan
> | gbp:info: Launching uscan...
> | Newest version of persist-el on remote site is 0.6, local version is 0.5
> | (mangled local version is 0.5)
> | => Newer package available from:
> | => https://elpa.gnu.org/packages/persist-0.6.tar
> | gpgv: Signature made Sat 13 Jan 2024 02:05:03 AM PST
> | gpgv: using RSA key C433554766D3DDC64221BFAA066DAFCB81E42C40
> | gpgv: Good signature from "GNU ELPA Signing Agent (2019) <elpasign <at> elpa.gnu.org>"
> | gpgv: Signature made Sat 13 Jan 2024 02:05:03 AM PST
> | gpgv: using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
> | gpgv: Can't check signature: No public key
> | uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 77.
> | gbp:error: Uscan failed: OpenPGP signature did not verify.
> `----
>
> As the error message shows, the public key of EDDSA key
> 0327BE68D64D9A1A66859F15645357D2883A0966 is missing.
>
> I have checked with the current persist maintainer Joseph Turner and he
> suggested that he was also not aware of the EDDSA key, and suggested
> that I should file a bug instead, so here I am :)
>
> Also, as the existing RSA key can successfully verify the file with a
> valid signature, I wonder whether the EDDSA is still needed as a
> redundant checking.
These packages are generated by the ELPA scripts. Maybe Stefan Monnier
or Philip can help (in Cc).
This bug report was last modified 106 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.