Hi, On Sun, 25 Mar 2018 09:28:33 +0200 Geert Stappers <stapp...@debian.org> wrote: ... > | $ dget -x > https://mentors.debian.net/debian/pool/main/s/spi-tools/spi-tools_0.8.1-1.dsc > ... > | spi-tools_0.8.1-1.dsc: > | dscverify: spi-tools_0.8.1-1.dsc failed signature check: > | gpg: WARNING: no command supplied. Trying to guess what you mean ... > | gpg: Signature made za 24 mrt 2018 23:32:39 CET > | gpg: using RSA key 4CCCD808BD26E93E2F4D5372E39014192604BE32 > | gpg: issuer "lkund...@v3.sk" > | gpg: Can't check signature: Geen publieke sleutel > | Validation FAILED!! > | stappers@paddy:~/src ... > Where to find gpg key 4CCCD808BD26E93E2F4D5372E39014192604BE32 ?
They key was generated solemnly for the purpose of mentors.debian.net matching the package with my account. Sharing it would be worthless, because basically nobody trusts it. It's perhaps a better idea to trust that mentors.debian.net didn't tamper with the package and use dget -u to obtain the package. Lubo