Hi, Adam D. Barratt wrote: > Vincent Danjean wrote: >> Package: spamassassin >> Version: 3.2.4-2 >> Followup-For: Bug #486408 >> >> Using "sa-update -D", we clearly see the problem: gpg refuse to >> certify the downloaded file because the used key is not cross-certified. >> The correct fix is to ask upstream to cross-certify its key (by >> pointing them to http://www.gnupg.org/faq/subkey-cross-certify.html ) > > Upstream have already done this, as per the fragment from the 3.2.5 > changelog I pasted in > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486408#10
I do not know how recent this is. But before sending my report, I manually download the tar.gz, the tar.gz.asc and ask gpg to get the key from a public keyserver (keys.gnupg.net in my case). So, 2 hours ago, their cross certified key were not available on this public key server yet. Looking at the previous answers, I download the new key from http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified and I just uploaded it to keys.gnupg.net. Best regards, Vincent PS: I just discovered that you already answer to this bug before my message. When reportbug show you a bug, it only show you the first report :-( I will perhaps send a wishbug to reportbug if I find some time. -- Vincent Danjean GPG key ID 0x9D025E87 [EMAIL PROTECTED] GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87 Unofficial pacakges: http://www-id.imag.fr/~danjean/deb.html#package APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
