On Tue, Aug 02, 2016 at 06:52:39PM +0100, Alessandro Ghedini wrote:
> it appears that my key has been included twice in the debian-keyring.gpg as
> shipped in the debian-keyring package:
> 
>  % gpg2 --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg 
> --list-keys gh...@debian.org
> pub   rsa4096/AFA51BD6CDE573CB 2010-10-29 [SC]
> uid                 [ unknown] Alessandro Ghedini <alessan...@ghedini.me>
> uid                 [ unknown] Alessandro Ghedini <alex...@cpan.org>
> uid                 [ unknown] Alessandro Ghedini <gh...@debian.org>
> sub   rsa4096/386B706D9A7BDF04 2010-10-29 [E]
> sub   ed25519/1730268A0D03529E 2015-09-23 [A]
> sub   rsa2048/8481A825D63CF092 2015-09-23 [A]
> sub   rsa4096/6F0CCBE021624728 2016-06-20 [S]
> 
> pub   rsa4096/AFA51BD6CDE573CB 2010-10-29 [SC]
> uid                 [ unknown] Alessandro Ghedini <alessan...@ghedini.me>
> uid                 [ unknown] Alessandro Ghedini <alex...@cpan.org>
> uid                 [ unknown] Alessandro Ghedini <gh...@debian.org>
> sub   rsa4096/386B706D9A7BDF04 2010-10-29 [E]
> sub   ed25519/1730268A0D03529E 2015-09-23 [A]
> sub   rsa2048/8481A825D63CF092 2015-09-23 [A]

It looks like this happened in commit
8ed91f0fb3c287f95d4fbece22e8edbd57212786 (importing changes sent to the
HKP interface on keyring.debian.org). The previous commit affecting this
key was 15a31d23030fc233f70652784a8fc67e293c54b8, which again was an HKP
import that happened to add the ECC subkey to your key. My suspicion is
that something has broken with this resulting in the duplication of the
key (we had issues with multiple copies of the same ECC subkey before it
was fixed by gpg upstream), and once that happened a simple update of
the key doesn't result in it getting cleaned up. Simple enough to do
before we do our next push.

J.

-- 
] http://www.earth.li/~noodles/ [] 101 things you can't have too much  [
]  PGP/GPG Key @ the.earth.li   []          of : 12 - Volume.          [
] via keyserver, web or email.  []                                     [
] RSA: 4096/0x94FA372B2DA8B985  []                                     [

Attachment: signature.asc
Description: Digital signature

Reply via email to