[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Package Key Mismatch

On Tue, May 26, 2020 at 11:18:28AM +0100, Andrew wrote:
> Had an update failure with the message

Thanks for checking!

> (2) andrew@andrew Downloads $ wget
> https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
> --2020-05-26 10:59:43--  https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
> Connecting to connected.
> Proxy request sent, awaiting response... 200 OK
> Length: 1810 (1.8K) [application/pgp-signature]
> Saving to: ‘tarsnap-deb-packaging-key.asc.1’
> tarsnap-deb-packaging-key.asc.1

Look carefully: that file is saved with a .1 at the end of it...

> (2) andrew@andrew Downloads $ gpg --list-packets tarsnap-deb-packaging-key.asc | grep signature
> :signature packet: algo 1, keyid 70BD6C50E82A9D99
> :signature packet: algo 17, keyid 38CECA690C6A6A6E

... but here, you're checking a file that does *not* have a .1 at the end.
I'm guessing this was the file you downloaded in 2019?  (that matches the
-2019 key on my computer, at least.)

I'm wondering if I should change the docs to point to the year-based keys,
instead of the generic filenames.  The downside is that if anybody quotes the
docs (say, in an email), then the instructions would cease the be
copy&pasteable... but maybe the "2019" vs. "2020" would be a clear enough
thing to change?  I'll have to think about it some more.

- Graham Percival