On Tue, Aug 02, 2016 at 06:52:39PM +0100, Alessandro Ghedini wrote: > it appears that my key has been included twice in the debian-keyring.gpg as > shipped in the debian-keyring package: > > % gpg2 --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg > --list-keys gh...@debian.org > pub rsa4096/AFA51BD6CDE573CB 2010-10-29 [SC] > uid [ unknown] Alessandro Ghedini <alessan...@ghedini.me> > uid [ unknown] Alessandro Ghedini <alex...@cpan.org> > uid [ unknown] Alessandro Ghedini <gh...@debian.org> > sub rsa4096/386B706D9A7BDF04 2010-10-29 [E] > sub ed25519/1730268A0D03529E 2015-09-23 [A] > sub rsa2048/8481A825D63CF092 2015-09-23 [A] > sub rsa4096/6F0CCBE021624728 2016-06-20 [S] > > pub rsa4096/AFA51BD6CDE573CB 2010-10-29 [SC] > uid [ unknown] Alessandro Ghedini <alessan...@ghedini.me> > uid [ unknown] Alessandro Ghedini <alex...@cpan.org> > uid [ unknown] Alessandro Ghedini <gh...@debian.org> > sub rsa4096/386B706D9A7BDF04 2010-10-29 [E] > sub ed25519/1730268A0D03529E 2015-09-23 [A] > sub rsa2048/8481A825D63CF092 2015-09-23 [A]
It looks like this happened in commit 8ed91f0fb3c287f95d4fbece22e8edbd57212786 (importing changes sent to the HKP interface on keyring.debian.org). The previous commit affecting this key was 15a31d23030fc233f70652784a8fc67e293c54b8, which again was an HKP import that happened to add the ECC subkey to your key. My suspicion is that something has broken with this resulting in the duplication of the key (we had issues with multiple copies of the same ECC subkey before it was fixed by gpg upstream), and once that happened a simple update of the key doesn't result in it getting cleaned up. Simple enough to do before we do our next push. J. -- ] http://www.earth.li/~noodles/ [] 101 things you can't have too much [ ] PGP/GPG Key @ the.earth.li [] of : 12 - Volume. [ ] via keyserver, web or email. [] [ ] RSA: 4096/0x94FA372B2DA8B985 [] [
signature.asc
Description: Digital signature
