On Mon, Feb 26, 2018 at 11:20:58PM +0100, Sven Wick wrote: > On 02/26/2018 08:36 PM, Mattia Rizzolo wrote: > > > > > > Also, what you uploaded as recutils_1.7.orig.tar.gz.asc is not not a > > > > detached signature (as it should be), but a public key export. > > This is still not correct. > > > > Better now?
Yes! mattia@warren ~/devel/debian/RFS/recutils % gpg --homedir gpg --verify recutils_1.7.orig.tar.gz.asc gpg: assuming signed data in 'recutils_1.7.orig.tar.gz' gpg: Signature made Tue 25 Mar 2014 12:09:36 AM CET gpg: using RSA key 3EF90523B304AF08 gpg: Good signature from "Jose E. Marchesi <jema...@gnu.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: BDFA 5717 FC1D D35C 2C38 32A2 3EF9 0523 B304 AF08 :) (`--homedir gpg` where 'gpg' is a directory with a keyring containing only the key I found in debian/upstream/signing-key.asc). And uploaded! -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature