[pkg-bacula-devel] Import of 15.0.3 fails with sqv-sopv
Sven Hartge
sven at svenhartge.de
Tue Apr 1 21:20:50 BST 2025
On 01.04.25 10:06, Carsten Leonhardt wrote:
> Sven Hartge <sven at svenhartge.de> writes:
>
>> uscan info: Verifying OpenPGP signature ../bacula-15.0.3.tar.gz.sig
>> for ../bacula-15.0.3.tar.gz
>> No acceptable signatures found
>
> It seems to be due to an SHA1 signature:
>
> gpgv: Signatur vom Do 27 Mär 2025 13:59:09 CET
> gpgv: mittels RSA-Schlüssel 5235F5B668D81DB61704A82DC0BE2A5FE9DF3643
> gpgv: Aussteller "kern at bacula.org"
> gpgv: Hinweis: SHA1 basierte Signaturen werden zurückgewiesen.
> gpgv: Signatur kann nicht geprüft werden: Bad public key
> dpkg-source: Warnung: Tarball-Signatur der Originalautoren für ./bacula_15.0.3.orig.tar.gz kann nicht überprüft werden: keine akzeptierbaren Signaturen gefunden
>
> There's a thread about something similar on debian-devel:
> https://lists.debian.org/debian-devel/2025/03/msg00477.html
I saw that thread, but because the error message of sq-sopv was so
utterly useless, even with --debug, I was not able connect the two dots.
Worth a report to the Bacula guys to switch to a more modern signature
algorithm, I guess.
Grüße,
S°
More information about the pkg-bacula-devel
mailing list