Hi! On Fri, 2023-12-22 at 10:53:18 +0100, Christian Marillat wrote: > Package: dupload > Version: 2.10.4 > Severity: grave
> This version fail to check a signature. Work fine with 2.10.3 > > ,---- > | $ debrelease > | dupload note: no announcement will be sent. > | Checking OpenPGP signatures before upload...gpgv: Signature made Fri Dec 22 > 10:50:05 2023 CET > | gpgv: using RSA key A401FF99368FA1F98152DE755C808C2B65558117 > | gpgv: issuer "maril...@deb-multimedia.org" > | gpgv: Can't check signature: No public key > | openpgp-check: error: cannot verify inline signature for > ../gerbera-dmo_1.12.1-dmo5_amd64.changes: no acceptable signature found > | > | dupload: error: Pre-upload '/usr/share/dupload/openpgp-check %1' failed for > ../gerbera-dmo_1.12.1-dmo5_amd64.changes > `---- Just to understand what is going wrong, I assume you don't have the debian-keyring package installed (where the signing certificate could be found in the debian-keyring.gpg keyring), nor the certificate for A401FF99368FA1F98152DE755C808C2B65558117 in ~/.gnupg/trustedkeys.gpg? But gpg has it in its certificate store? (Also wondering whether dpkg-source can verify the source for that, as it is using the same logic as the rewritten hook is using now?) Thanks, Guillem