On Wed, 24 Jun 2020 davidson wrote: One clarification...
[dd]
Here are three mutually exclusive cases, of what a system may tell you, depending on how your reality conforms to conditions (1) and (2) above.
...regarding the third case:
SIGNING KEY UNKNOWN, bailing out: When (2) is NO gpg: Signature made Wed 24 Jun 2020 06:58:06 AM EDT gpg: using RSA key 2E3F09D22FFDC4ABF32DF441EB18A1C0111F5F49 gpg: Can't check signature: No public key All is not well. SUMFILE was not signed by a debian role key (or, at
^^^^^^^
least, not by one in the keyring you specified).
I should restate that last bit more clearly: "SUMFILE.sign does not contain a signature from a debian role key" ^^^^^^^^^^^^
For all you know, SUMFILE.sign could contain the Hamburglar's signature! Or Marilyn Monroe's! And it remains unknown in this case whether (1) is YES or NO. In other words, we don't know whether SUMFILE.sign contains *anyone*'s signature for SUMFILE. If I have said anything incorrect or misleading above, I hope somebody will correct me.
-- Firstly, you must always implicitly obey orders, without attempting to form any opinion of your own respecting their propriety. Secondly, you must consider every man your enemy who speaks ill of your king; and thirdly, you must hate a Frenchman, as you do the devil. --H. Nelson