Dropping Joel as I don't want to spam him. On Mon, 2025-03-17 at 18:05 +0530, Ritesh Raj Sarraf wrote: > > > > You might be workaround this by using an older dupload/dput, which > > still uses gpg, or maybe by changing the crypto policy [1]. > > > > There might also be a possibility to update your key to use a > > stronger hash (using sqv). However I don't know what effect this > > has > > on your key in the Debian ecosystem. > > `dput` has not been kind to me at all. Neither dput nor dput-ng, > given > that the issue has something to do with the ftp-mode. > > > Thankfully I've been able to unblock myself with dupload. > > @ dupload --skip-hooks openpgp-check bpfcc_0.31.0+ds-5_source.changes > dupload note: no announcement will be sent. > dupload: warning: skipping pre-upload changes hook > /usr/share/dupload/openpgp-check %1 > Checking Debian transitions for bpfcc... > Ok, not found in any. > Uploading (scpb) to > ssh.upload.debian.org:/srv/upload.debian.org/UploadQueue/ > [ Preparing job bpfcc_0.31.0+ds-5_source from bpfcc_0.31.0+ds- > 5_source.changes > bpfcc_0.31.0+ds-5.debian.tar.xz, size ok, md5sum ok, sha1sum ok, > sha256sum ok > bpfcc_0.31.0+ds-5.dsc, size ok, md5sum ok, sha1sum ok, sha256sum ok > bpfcc_0.31.0+ds-5_source.buildinfo, size ok, md5sum ok, sha1sum ok, > sha256sum ok > bpfcc_0.31.0+ds-5_source.changes ok ] > Uploading (scpb) to debian-ssh (ssh.upload.debian.org) > [ Uploading job bpfcc_0.31.0+ds-5_source > bpfcc_0.31.0+ds-5.debian.tar.xz 22.5 kB, uploading > bpfcc_0.31.0+ds-5.dsc 2.8 kB, uploading > bpfcc_0.31.0+ds-5_source.buildinfo 9.3 kB, uploading > bpfcc_0.31.0+ds-5_source.changes 2.2 kB, uploading > ] > > > And this upload was signed after the cleansing of the keys from the > SHA1 algo signatures. So it should be a good test validation if it > passes the ftpmaster's checks.
Hello, Back again with my current status. So as I mentioned I was able to manage to upload to ftp-master. But I'm getting no usual email response, whether the package is accepted or rejected, like we all usually do. My guess is that my keys in the debian-keyring might still be using the old outdated sha1 keys. I'm going to wait for some more time before I file an email request with the Debian RT team. I did fix my keys and validated them. And uploaded them but possibly the debian-keyring in use for ftp-master package clearance, may not be having it yet. @ gpg --export-secret-key F00A2BE6 | sq cert lint --fix Waiting for OpenPGP certificates on stdin... Examined 1 certificate. 0 certificates are invalid and were not linted. (GOOD) 1 certificate was linted. 0 of the 1 certificates (0%) have at least one issue. (GOOD) 0 of the linted certificates were revoked. 0 of the 0 certificates has revocation certificates that are weaker than the certificate and should be recreated. (GOOD) 0 of the linted certificates were expired. 1 of the non-revoked linted certificate has at least one non-revoked User ID: 0 have at least one User ID protected by SHA-1. (GOOD) 0 have all User IDs protected by SHA-1. (GOOD) 1 of the non-revoked linted certificates has at least one non-revoked, live subkey: 0 have at least one non-revoked, live subkey with a binding signature that uses SHA-1. (GOOD) 1 of the non-revoked linted certificates has at least one non-revoked, live, signing-capable subkey: 0 certificates have at least one non-revoked, live, signing-capable subkey with a strong binding signature, but a backsig that uses SHA-1. (GOOD) @ gpg --export F00A2BE6 | sq cert lint --fix Examined 1 certificate. 0 certificates are invalid and were not linted. (GOOD) 1 certificate was linted. 0 of the 1 certificates (0%) have at least one issue. (GOOD) 0 of the linted certificates were revoked. 0 of the 0 certificates has revocation certificates that are weaker than the certificate and should be recreated. (GOOD) 0 of the linted certificates were expired. 1 of the non-revoked linted certificate has at least one non-revoked User ID: 0 have at least one User ID protected by SHA-1. (GOOD) 0 have all User IDs protected by SHA-1. (GOOD) 1 of the non-revoked linted certificates has at least one non-revoked, live subkey: 0 have at least one non-revoked, live subkey with a binding signature that uses SHA-1. (GOOD) 1 of the non-revoked linted certificates has at least one non-revoked, live, signing-capable subkey: 0 certificates have at least one non-revoked, live, signing-capable subkey with a strong binding signature, but a backsig that uses SHA-1. (GOOD) -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
signature.asc
Description: This is a digitally signed message part
