package: src:debian-archive-keyring severity: serious version: 2012.4 tags: security
The archive keyring package is currently signed by Philip Kern's old removed key. Since this package contains the keys to archive, it really needs a valid signature. $ apt-get source debian-archive-keyring --download-only $ dpkg-source -x --require-valid-signature debian-archive-keyring_2012.4.dsc gpgv: Signature made Sat 02 Jun 2012 11:59:09 AM EDT using DSA key ID B2CFCDD8 gpgv: Can't check signature: public key not found dpkg-source: error: failed to verify signature on ./debian-archive-keyring_2012.4.dsc Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
