On Thu, Apr 02, 2009 at 03:20:55PM +0200, Antonin Kral wrote: > Package: ftp.debian.org > Severity: important > > Hello, > > sorry for asking, but I have problem with uploading new version of my > package to Debian. Submit is every time refused with > > GnuPG signature check failed on atari800_2.1.0-3_i386.changes > gpg: Signature made Thu Apr 2 03:46:42 2009 UTC using DSA key ID 1BF2305A > gpg: WARNING: signing subkey 1BF2305A is not cross-certified > gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more > information > gpg: Can't check signature: general error (Exit status 2) > /atari800_2.1.0-3_i386.changes has bad PGP/GnuPG signature! > Removing /atari800_2.1.0-3_i386.changes, but keeping its associated files for > now. > > I am pretty sure, that I have cross-signed my key long time ago: > > Command> cross-certify > signing subkey 1BF2305A is already cross-certified > > I have tried to push my current key to keyring.debian.org (which was > fine), but without any luck from the package submission point of view. > > I didn't find any helpful post in mailing list archives. Can you please > assist me with this problem?
There is a delay from sending something to keyring.d.o and having it pushed to the d.o machines. It needs a new keyring to be compiled manually. If you fetch the keyring with [0] and use it instead of your primary pubring with `gpg --no-default-keyring --keyring debian-keyring.gpg --edit-key <keyid>`, what does cross-certify say? Kind regards, Philipp Kern
signature.asc
Description: Digital signature
