Control: retitle -1 dpkg-source: give better suggestion in case distro keyrings are missing
On Mon, 2013-03-18 at 22:15:19 +0100, David Kalnischkies wrote: > On Mon, Mar 18, 2013 at 9:12 PM, Alois Mahdal <alois.mah...@zxcvb.cz> wrote: > > I tried to download a src package using apt-get source. apt gave me > > following set of warnings: > > > > $ apt-get source mousepad > > [...] > > Fetched 454 kB in 0s (1,050 kB/s) > > gpgv: keyblock resource `/home/me/.gnupg/trustedkeys.gpg': file open > > error > > gpgv: Signature made Sat 30 Jun 2012 05:49:12 PM CEST using RSA key ID > > 71EF0BA8 > > gpgv: Can't check signature: public key not found > > dpkg-source: warning: failed to verify signature on > > ./mousepad_0.2.16-6.dsc > > [...] > > > > For official sources, this basically means that user should > > download debian-keyring in order to obtain debian-keyring.gpg, > > *not* the path suggested by the warning. > […snip the rest of the bugreport with suggestions … ] > > I think a better hint would be in order here, too, but it is dpkg-source > showing this message and we have no good way to know about that, so I am > reassigning to dpkg-dev for consideration by the dpkg maintainers. > Especially as it is not that unlikely that dpkg-source is used by hand, too. I'll think about how to do that w/o annoying people who might not want those keyrings installed. Also it should be taken into account there's really no way for dpkg-source to know if a package is official or not, although apt should know that, so maybe a way might be to introduce a new option. In any case the error from gpgv could be avoided if the code used gpg first (which I'll be changing locally), although that gives different error messages here, which I'll be checking out and reporting to the gnupg package. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
