On Tue, 09 Jul 2019 20:20:35 +0200 Marc Haber <mh+debian- packa...@zugschlus.de> wrote: > when some archive signing keys have changed, mini-buildd just says > "GnuPG authorization failed" without giving any information about the > reasons to fail. [...] > > Any why does it need to be so hard to find out what's going wrong? > Wouldn't it be possible to emit something like "release file > http://path.to.release.file/debian/dists/stretch/Release signed with > untrusted key 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC" without having > to hike up the debug level, maybe even in the web interface?
This bites us too after each release, but it's clearly gpg that decides that the Release file signatures aren't valid unless _all_ signatures can be verified, and I don't know if there's any way to tell it that _one_ valid signature is enough. How does APT validate the signatures? Logging the output from gpg shouldn't be hard, though. -- Magnus Holmgren, developer MILLNET AB -- Vid e-postkontakt med Millnet är det normalt att åtminstone vissa personuppgifter sparas om dig. Du kan läsa mer om vilka uppgifter som sparas och hur vi hanterar dem på https://www.millnet.se/integritetspolicy/ <https://www.millnet.se/integritetspolicy/>.
