Bug #19113 for Pod-Readme: Pod::Readme key not on keyserver, it appears

Sat May 06 13:26:31 2006 Guest - Ticket created

Subject:

Pod::Readme key not on keyserver, it appears

Removing previously used /root/.cpan/build/Pod-Readme-0.08 gpgkeys: key C5A2D18FBB72D9C5 not found on keyserver gpg: Signature made Mon 01 May 2006 12:34:59 PM EDT using RSA key ID BB72D9C5 gpg: requesting key BB72D9C5 from hkp server pgp.mit.edu gpg: no valid OpenPGP data found. gpg: Can't check signature: public key not found ==> BAD/TAMPERED signature detected! <== Signature invalid for distribution file. Please investigate. Distribution id = R/RR/RRWO/Pod-Readme-0.08.tar.gz CPAN_USERID RRWO (Robert Rothenberg <rrwo@cpan.org>) CALLED_FOR Pod::Readme CHECKSUM_STATUS OK CONTAINSMODS Pod::Readme SIG_STATUS OK UPLOAD_DATE 2006-05-02 archived tar build_dir /root/.cpan/build/Pod-Readme-0.08 incommandcolor 1 localfile /root/.cpan/sources/authors/id/R/RR/RRWO/Pod-Readme-0.08.tar.gz unwrapped YES I'd recommend removing /root/.cpan/sources/authors/id/R/RR/RRWO/Pod-Readme-0.08.tar.gz. Its signature is invalid. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. For more information, try opening a subshell with look RRWO/Pod-Readme-0.08.tar.gz and there run cpansign -v Did not pass the signature test. Running make test Make had some problems, won't test Running make install Make had some problems, won't install Failed during this command: RRWO/Pod-Readme-0.08.tar.gz : signature_verify NO

Sat May 06 16:39:20 2006 Guest - Correspondence added

From:

rrwo [...] cpan.org

It seems the problem is that the signature is made by a subkey, and there's a bug in gpg where it cannot auto-retrieve subkeys: http://lists.gnupg.org/pipermail/gnupg-devel/2002-September/007700.html http://keyserver.kjsl.com/~jharris/keyserver.html

Sat May 06 16:39:21 2006 The RT System itself - Status changed from 'new' to 'open'

Sat May 06 16:43:40 2006 Guest - Correspondence added

Or check http://wwwkeys.us.pgp.net/ http://stinkfoot.org:11371/ This will show the subkey when searching by name (eg rrwo@cpan.org) but not by the subkey BB72D9C5.

Sat May 06 16:51:36 2006 Guest - Correspondence added

From:

ermeyers [...] adelphia.net

On Sat May 06 16:39:20 2006, guest wrote: Show quoted text

> It seems the problem is that the signature is made by a subkey, and > there's a bug in gpg where it cannot auto-retrieve subkeys: > >

http://lists.gnupg.org/pipermail/gnupg-devel/2002-September/007700.html Show quoted text

> > http://keyserver.kjsl.com/~jharris/keyserver.html

This is a very "critical" issue since it is impacting people trying to install Module::Build, and so many modules installations that are using Module::Build. I think that Module::Build needs to be fixed, so that "install Module::Build" doesn't fail because the Pod::Readme wasn't "force install Pod::Readme"'d. That's what I did.

Sun May 07 11:25:43 2006 Guest - Correspondence added

On Sat May 06 16:51:36 2006, guest wrote: Show quoted text

> This is a very "critical" issue since it is impacting people trying to > install Module::Build, and so many modules installations that are > using Module::Build. I think that Module::Build needs to be fixed, so > that "install Module::Build" doesn't fail because the Pod::Readme > wasn't "force install Pod::Readme"'d. That's what I did.

Version 0.081 has just been uploaded to CPAN. That version is not signed using Module::Signature.

Wed May 19 16:49:26 2010 davidp [...] preshweb.co.uk - Correspondence added

[I've taken over maintainership of this module] This looks to be an old problem which was solved a long time ago, so I'll close this ticket.

Wed May 19 16:49:31 2010 davidp [...] preshweb.co.uk - Status changed from 'open' to 'resolved'

Bug #19113 for Pod-Readme: Pod::Readme key not on keyserver, it appears

Preferred bug tracker