Package: debian-keyring Version:2009.01.18 Severity: normal Found: 2009.01.18 Fixed: 2010.06.08
Please add the debian CD signing key (64E6EA7D) to debian-keyring/lenny so that lenny CD-images can be verified on a lenny system. With the lenny debian-role keyring, it is not possible to verify the SHA512SUMS file from http://cdimage.debian.org/debian-cd/5.0.7/amd64/jigdo-cd/ $ gpg --keyring /usr/share/keyrings/debian-role-keys.gpg --verify SHA512SUMS.sign gpg: Signature made Sun Nov 28 22:47:37 2010 CET using RSA key ID 64E6EA7D gpg: Can't check signature: public key not found If I extract the debian-role keyring from the testing version of debian-keyring, I can successfully verify the SHA512SUMS file: $ gpg --keyring ./debian-role-keys.gpg --verify SHA512SUMS.sign gpg: Signature made Sun Nov 28 22:47:37 2010 CET using RSA key ID 64E6EA7D gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Thanks Max Gaukler -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
