Change Details

I took these steps as a debian admin: # `apt-key adv --recv-key 0x5145B9CD752C0197` # `gpg --keyring /etc/apt/trusted.gpg --edit-key 0x5145B9CD752C0197 trust` # Selected full trust ("4") Then ran: `gpg --verify --keyring /etc/apt/trusted.gpg <(curl -s http://wertarbyte.de/apt/Release.gpg) <(curl -s http://wertarbyte.de/apt/Release)` which resulted in: ``` gpg: Signature made Wed 25 May 2011 11:15:52 PM CEST gpg: using DSA key 5145B9CD752C0197 gpg: Good signature from "Wertarbyte.de (Software Signing Key) <kontakt@wertarbyte.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CC49 F74C 816C 499C 899A 4288 5145 B9CD 752C 0197 ``` The warning shouldn't be there when the key is fully trusted. This has an additional side effect of causing false errors in the aptitude package manager: ``` W: GPG error: tor+http://wertarbyte.de/apt ./ Release: The following signatures were invalid: CC49F74C816C499C899A42885145B9CD752C0197 E: The repository 'tor+http://wertarbyte.de/apt ./ Release' is not signed. E: Failed to download some files ```

I took these steps as a debian admin: # `apt-key adv --recv-key 0x5145B9CD752C0197` # `gpg --keyring /etc/apt/trusted.gpg --edit-key 0x5145B9CD752C0197 trust` # Selected full trust ("4") Then ran: `gpg --verify --keyring /etc/apt/trusted.gpg <(curl -s http://wertarbyte.de/apt/Release.gpg) <(curl -s http://wertarbyte.de/apt/Release)` which resulted in: ``` gpg: Signature made Wed 25 May 2011 11:15:52 PM CEST gpg: using DSA key 5145B9CD752C0197 gpg: Good signature from "Wertarbyte.de (Software Signing Key) <kontakt@wertarbyte.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CC49 F74C 816C 499C 899A 4288 5145 B9CD 752C 0197 ``` The warning shouldn't be there when the key is fully trusted. This has an additional side effect of causing false errors in the aptitude package manager: ``` W: GPG error: tor+http://wertarbyte.de/apt ./ Release: The following signatures were invalid: CC49F74C816C499C899A42885145B9CD752C0197 E: The repository 'tor+http://wertarbyte.de/apt ./ Release' is not signed. E: Failed to download some files ``` This ultimately blocks installation of the package, thus the bug is somewhat severe.

I took these steps as a debian admin: # `apt-key adv --recv-key 0x5145B9CD752C0197` # `gpg --keyring /etc/apt/trusted.gpg --edit-key 0x5145B9CD752C0197 trust` # Selected full trust ("4") Then ran: `gpg --verify --keyring /etc/apt/trusted.gpg <(curl -s http://wertarbyte.de/apt/Release.gpg) <(curl -s http://wertarbyte.de/apt/Release)` which resulted in: ``` gpg: Signature made Wed 25 May 2011 11:15:52 PM CEST gpg: using DSA key 5145B9CD752C0197 gpg: Good signature from "Wertarbyte.de (Software Signing Key) <kontakt@wertarbyte.de>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CC49 F74C 816C 499C 899A 4288 5145 B9CD 752C 0197 ``` The warning shouldn't be there when the key is fully trusted. This has an additional side effect of causing false errors in the aptitude package manager: ``` W: GPG error: tor+http://wertarbyte.de/apt ./ Release: The following signatures were invalid: CC49F74C816C499C899A42885145B9CD752C0197 E: The repository 'tor+http://wertarbyte.de/apt ./ Release' is not signed. E: Failed to download some files ``` This ultimately blocks installation of the package, thus the bug is somewhat severe.