FS#79998 - [python-aiohttp-openmetrics] gpg key outdated
Attached to Project:
Arch Linux
Opened by YongMing Zhang (aimixsaka) - Wednesday, 18 October 2023, 12:51 GMT
Last edited by Daniel M. Capella (polyzen) - Thursday, 19 October 2023, 00:00 GMT
Opened by YongMing Zhang (aimixsaka) - Wednesday, 18 October 2023, 12:51 GMT
Last edited by Daniel M. Capella (polyzen) - Thursday, 19 October 2023, 00:00 GMT
|
Details
Description:
- upstream gpg key changed Attached patch fixes existing gpg key. |
This task depends upon
Closed by Daniel M. Capella (polyzen)
Thursday, 19 October 2023, 00:00 GMT
Reason for closing: Deferred
Additional comments about closing: https://gitlab.archlinux.org/archlinux/d evtools/-/issues/93
Thursday, 19 October 2023, 00:00 GMT
Reason for closing: Deferred
Additional comments about closing: https://gitlab.archlinux.org/archlinux/d evtools/-/issues/93
Here is the correct patch :)
gpg key comes from "github user gpg": https://github.com/jelmer.gpg
gpg --output "$TEMPDIR/$key.asc" --armor --export --export-options export-minimal "$key" 2>/dev/null
...
mv "$TEMPDIR/$key.asc" "keys/pgp/$key.asc"
"--export-options export-minimal" means "removes all signatures except the most recent self-signature on each user ID"(from man gpg).
while patched key file in key/gpg/ contains all signatures from pub key, so in result it seems to be reversed.
(the github author seems signing the commit with a subkey other than "the most recent self-signature one")
(just my personal thought)