[Pkg-rust-maintainers] Bug#1031020: sqop: Fails to verify sig on gnutls28_3.7.8.orig.tar.xz
Andreas Metzler
ametzler at bebt.de
Fri Feb 10 14:38:21 GMT 2023
Package: sqop
Version: 0.27.2-1
Severity: normal
X-Debbugs-Cc: ametzler at bebt.de
I thought this should work, but it does not:
sqop verify gnutls28_3.7.8.orig.tar.xz.asc gnutls-3.7.8/debian/upstream/signing-key.asc < gnutls28_3.7.8.orig.tar.xz.asc
No acceptable signatures found
One of the signing keys (462225C3B46F34879FC8496CD605848ED7E69871) is in gnutls-3.7.8/debian/upstream/signing-key.asc:
ametzler at argenau:/tmp/GNUTLS$ gpg gnutls28_3.7.8.orig.tar.xz.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'gnutls28_3.7.8.orig.tar.xz'
gpg: Signature made Di 27 Sep 2022 16:07:05 CEST
gpg: using RSA key A6AB53A01D237A94F9EEC4D0412748A40AFCC2FB
gpg: Good signature from "Alexander Sosedkin <monk at unboiled.info>" [unknown]
gpg: aka "[jpeg image of size 984]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E987 AB7F 7E89 6677 76D0 5B3B B0E9 DD20 B29F 1432
Subkey fingerprint: A6AB 53A0 1D23 7A94 F9EE C4D0 4127 48A4 0AFC C2FB
gpg: Signature made Di 27 Sep 2022 17:14:15 CEST
gpg: using RSA key 462225C3B46F34879FC8496CD605848ED7E69871
gpg: Good signature from "Daiki Ueno <ueno at unixuser.org>" [undefined]
gpg: aka "Daiki Ueno <ueno at gnu.org>" [undefined]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4622 25C3 B46F 3487 9FC8 496C D605 848E D7E6 9871
gpg: Signature made Di 27 Sep 2022 17:36:07 CEST
gpg: using EDDSA key 5D46CB0F763405A7053556F47A75A648B3F9220C
gpg: Good signature from "Zoltan Fridrich <zfridric at redhat.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5D46 CB0F 7634 05A7 0535 56F4 7A75 A648 B3F9 220C
ametzler at argenau:/tmp/GNUTLS$ gpg gnutls-3.7.8/debian/upstream/signing-key.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa3104 2008-05-04 [SC] [expires: 2028-04-29]
1F42418905D8206AA754CCDC29EE58B996865171
uid Nikos Mavrogiannopoulos <nmav at gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com>
uid Nikos Mavrogiannopoulos <nmav at hushmail.com>
sub rsa2048 2018-02-06 [S] [expires: 2028-02-04]
sub rsa2048 2018-02-06 [E] [expires: 2028-02-04]
pub rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
462225C3B46F34879FC8496CD605848ED7E69871
uid Daiki Ueno <ueno at gnu.org>
uid Daiki Ueno <ueno at unixuser.org>
sub rsa4096 2010-02-04 [E]
(Same behavior on sid 0.27.3-1)
cu Andreas
More information about the Pkg-rust-maintainers
mailing list