On Wed, Apr 01, 2020 at 06:37:33AM +0000, Thorsten Glaser wrote: > severity 955393 wishlist > thanks > > Bill Allombert dixit: > > >Hello Thorsten, > >Could you investigate ? The key is in this file: > >/usr/share/popularity-contest/debian-popcon.gpg > > Sure: > > tglase@tglase-nb:~ $ gpg --import > /usr/share/popularity-contest/debian-popcon.gpg > gpg: key 233E3E85: no valid user IDs > gpg: this may be caused by a missing self-signature > gpg: Total number processed: 1 > gpg: w/o user IDs: 1 > 2|tglase@tglase-nb:~ $ gpg2 --import > /usr/share/popularity-contest/debian-popcon.gpg > gpg: keyserver option 'verbose' is unknown > gpg: keyserver option 'verbose' is unknown > gpg: key 15A07BA5233E3E85: public key "Debian popularity contest server (2020 > submission key) <sur...@popcon.debian.org>" imported > > Turns out that the key is only compatible with gpg2.
Thanks! Maybe because they are ECDSA keys, not RSA. > Can you please change all calls to gpg in popcon to gpg2? > I know that gpg2 ships /usr/bin/gpg these days, but I had > to revert that to gpg1 locally for some reasons, and my > requests for them to handle that with update-alternatives > went nowhere, so I just set the symlink manually… but it > would be welcomed to not assume gpg is gpg2. Well, /etc/cron.daily/popularity-contest is a conffile, so you can edit it. I would suggest you add a symlink /usr/local/bin/gpg -> /usr/bin/gpg1 instead of changing /usr/bin/gpg. The problem with your suggestion is that further gpg upgrade might get rid of gpg2 at some point and this will lead users with incorrect conffile. Cheers, -- Bill. <ballo...@debian.org> Imagine a large red swirl here.
