Re: Understand Debian Keyring
On January 5, 2020 12:34:53 PM EST, Wookey wrote: >On 2020-01-05 10:01 -0500, Tong Sun wrote: >> Now, before I redo the upload (and get it stuck again), let me try to >> understand the situation -- >> >> The reason it was stuck might be because my key was *considered* >> expired. The problem is, I renewed it two or three weeks ago, and sent >> it to pgp & >> Ubuntu key servers. >> >> The mentors.debian.net accepted my (renewed) key, but ftp-master >> didn't. Might that my key on ftp-master.debian.org is somehow not >> refreshed? Anyway, I tried to fix the issue by refreshing my key to >> keyring.debian.org. However, on reading https://keyring.debian.org/, I >> stated to wonder that if it good enough *now*: >> >> > We will include your changed key in our next keyring push (which happens >> > approx. monthly). >> >> What does it really mean? Shall I need to wait a month before uploading >> again? > >One thing is check that you are signing the packages with the new key >and not the old one (not sure if 'renewing' counts as a new key or >not?). If both are around (gpg -K will show available secret keys), >it's very easy to sign with the wrong one, and then ftp-master quietly >throws away your packages without telling you. > >I know this because I've had this problem for some time (my machine >defaults to using the wrong key despite having default-key set in >.gnupg/gpg.conf so I have to sign with an expicit key (debsign -k)). > >Wookey He said his key was expired, so in this context renewing his key means bumping the expiration date. That won't be a problem
Re: Understand Debian Keyring
On 2020-01-05 10:01 -0500, Tong Sun wrote: > Now, before I redo the upload (and get it stuck again), let me try to > understand the situation -- > > The reason it was stuck might be because my key was *considered* > expired. The problem is, I renewed it two or three weeks ago, and sent > it to pgp & > Ubuntu key servers. > > The mentors.debian.net accepted my (renewed) key, but ftp-master > didn't. Might that my key on ftp-master.debian.org is somehow not > refreshed? Anyway, I tried to fix the issue by refreshing my key to > keyring.debian.org. However, on reading https://keyring.debian.org/, I > stated to wonder that if it good enough *now*: > > > We will include your changed key in our next keyring push (which happens > > approx. monthly). > > What does it really mean? Shall I need to wait a month before uploading again? One thing is check that you are signing the packages with the new key and not the old one (not sure if 'renewing' counts as a new key or not?). If both are around (gpg -K will show available secret keys), it's very easy to sign with the wrong one, and then ftp-master quietly throws away your packages without telling you. I know this because I've had this problem for some time (my machine defaults to using the wrong key despite having default-key set in .gnupg/gpg.conf so I have to sign with an expicit key (debsign -k)). Wookey -- Principal hats: Linaro, Debian, Wookware, ARM http://wookware.org/ signature.asc Description: PGP signature
Re: Understand Debian Keyring
On Mon, Jan 6, 2020 at 12:02 AM Tong Sun wrote: > > On Sat, Jan 4, 2020 at 7:56 PM Paul Wise wrote: > > > > How to delete my package from ftp.upload.debian.org? > > > > Usually that means using dcut (from devscripts), but in this case the > > package is no longer in the upload queue so you cannot remove it from > > there. > > . . . > > Thanks a lot for the explanation. > > Now, before I redo the upload (and get it stuck again), let me try to > understand the situation -- > > The reason it was stuck might be because my key was *considered* > expired. The problem is, I renewed it two or three weeks ago, and sent > it to pgp & > Ubuntu key servers. > > The mentors.debian.net accepted my (renewed) key, but ftp-master > didn't. Might that my key on ftp-master.debian.org is somehow not > refreshed? Anyway, I tried to fix the issue by refreshing my key to > keyring.debian.org. However, on reading https://keyring.debian.org/, I > stated to wonder that if it good enough *now*: Yes, mentors.debian.net may accept your key update in short time, but for debian keyring it's not the same case. > > We will include your changed key in our next keyring push (which happens > > approx. monthly). > > What does it really mean? Shall I need to wait a month before uploading again? Yes, and keyring updates "monthly" means it may take about two months for your key update in the worst case. Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
Understand Debian Keyring
On Sat, Jan 4, 2020 at 7:56 PM Paul Wise wrote: > > How to delete my package from ftp.upload.debian.org? > > Usually that means using dcut (from devscripts), but in this case the > package is no longer in the upload queue so you cannot remove it from > there. > . . . Thanks a lot for the explanation. Now, before I redo the upload (and get it stuck again), let me try to understand the situation -- The reason it was stuck might be because my key was *considered* expired. The problem is, I renewed it two or three weeks ago, and sent it to pgp & Ubuntu key servers. The mentors.debian.net accepted my (renewed) key, but ftp-master didn't. Might that my key on ftp-master.debian.org is somehow not refreshed? Anyway, I tried to fix the issue by refreshing my key to keyring.debian.org. However, on reading https://keyring.debian.org/, I stated to wonder that if it good enough *now*: > We will include your changed key in our next keyring push (which happens > approx. monthly). What does it really mean? Shall I need to wait a month before uploading again?