[Tobias Geerinckx-Rice]:
AIR Guix does not (yet?) resolve subkeys to an authorised primary. This means that each signing subkey used must be explicitly authorised. If you look at upstream Guix's .guix-authorizations, you'll see a good few ';; Primary: XXXX…' comments above certains keys, including mine.
Okay, that was actually what I assumed, i.e. explicit subkey mentioning. Great, one suspect eliminated. ;-)
thanks.
