[pkg-gnupg-maint] Bug#1022702: gnupg 2.4 EOL
Nicholas D Steeves
sten at debian.org
Sat Apr 5 22:46:03 BST 2025
Hello,
I found an upstream (Syncthing) who distributes signatures that GnuPG
2.2.x appears to not be able to handle.
Is there a GnuPG 2.2.x-compat signing mode that we should be asking our
upstreams to use? Meanwhile, some of our upstreams are moving to
alternative OpenPGP implementations. Does this mean the issues of
diverging standards that Daniel and Andreas raised are going to become a
problem in 2025? In other words, has this bug become more important
than wishlist?
I installed 2.4.7 from
experimental, and this version successfully verified the sig; however,
uscan appears to need to be made compatible with 2.4.7, ie
uscan die: OpenPGP signature did not verify. at
/usr/share/perl5/Devscripts/Uscan/Output.pm line 77.
even though GPG returned "Good signature" for both upstream signatures.
Given that the soft-freeze is only 9 days away, should the release team
be contacted?
Thank you for working on this tricky and frustrating problem,
Nicholas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 857 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20250405/8c279c5b/attachment.sig>
More information about the pkg-gnupg-maint
mailing list