On Sat, Oct 20, 2007 at 07:44:49PM +0200, Joachim Breitner wrote: > I just got this message, and I don’t know what to do with it. I uploaded > haskell-x11-extras_0.4-1_i386.changes to NEW a while ago, and it’s still > there. Maybe some buildd? Or did someone try to sneak in a package?
Note that the key used for the upload didn't belong to a DD: > Am Samstag, den 20.10.2007, 00:22 +0000 schrieb Archive Administrator: > > PGP/GnuPG signature check failed on haskell-x11-extras_0.4-1.1_i386.changes > > gpg: Signature made Sat Oct 20 00:17:43 2007 UTC using DSA key ID BF45DCE3 > > gpg: Can't check signature: public key not found > > gpg: Signature made Sat Oct 20 00:17:43 2007 UTC using DSA key ID BF45DCE3 > > gpg: Can't check signature: public key not found > > (Exit status 2) > > haskell-x11-extras_0.4-1.1_i386.changes has bad PGP/GnuPG signature! Packages uploaded from buildds are all signed by DDs. Also, buildds don't spontaneously create new source versions of packages. The key ID in question appears to belong to Alexander V. Inyukhin <[EMAIL PROTECTED]>. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
