
This queue is for tickets about the Algorithm-FloodControl CPAN distribution.

Report information
The Basics
Id: 59486
Status: resolved
Priority: 0/
Queue: Algorithm-FloodControl

People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.990000
Fixed in: 2.000000



Subject: Broken Signature
The distro seems to contain an outdated signature file. Witness:

    % cpansign -v
    Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve SIGNATURE
    gpg: Signature made Thu 06 Nov 2008 05:08:20 PM CET using DSA key ID 7E66E514
    gpg: Good signature from "Андрей Костенко (GuGu) <andrey@kostenko.name>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 4E01 A2AC 48FC C92F 7F26 9801 4610 B0A0 7E66 E514
    --- SIGNATURE 2008-11-06 17:08:22.000000000 +0100
    +++ - 2010-07-17 21:46:04.254027447 +0200
    @@ -15,35 +15,37 @@
    Hash: SHA1
    SHA1 4b965af34c2df36269d204281645bc48770468d7 .cvsignore
    -SHA1 0bf137aa89c731a2466cd46f3958918fdcc1441b Changes
    -SHA1 fdf78441808b9e419791e7428b7b870505d83943 MANIFEST
    -SHA1 164a3007d27d2f3351b9527bb7c0357c6ab9aa4e META.yml
    -SHA1 a6635a3fae996f899132c21d03cc7cfd70bfe15f Makefile.PL
    +SHA1 e4ce88dddf20a0a6e993c6e8ef5feb140806168e Changes
    +SHA1 3780ab4abf4750d21fcd4c871b04dac8294690c2 MANIFEST
    +SHA1 d647e10b9f231ddd4b9a4c90fb20d75e6b3f8d30 META.yml
    +SHA1 1403ae17c4c344476cd8c71ec2b190fc13e64ccb Makefile.PL
    [...]
    ==> MISMATCHED content between SIGNATURE and distribution files! <==

HTH, Let me know if you need more information,
Greetings,

I have retried to see what cpansign -v gives me and it has a different error message this time:

    % cpansign -v
    Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve SIGNATURE
    gpg: Signature made Thu 22 Jul 2010 03:06:54 PM CEST using RSA key ID 0B1DF7D5
    gpg: requesting key 0B1DF7D5 from hkp server pool.sks-keyservers.net
    gpgkeys: key 824C423F0B1DF7D5 not found on keyserver
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0
    gpg: Can't check signature: public key not found

So it seems to me you were signing the correct files for the 2.000000 version but the key you're signing with is not uploaded to any public keyserver. Could you try to upload your key with something like

    gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 0B1DF7D5

? That would then enable gnupg to verify the signature against that ID.

Thanks,

Subject: Re: [rt.cpan.org #59486] Broken Signature
Date: Fri, 10 Sep 2010 15:49:24 +0300
To: bug-Algorithm-FloodControl [...] rt.cpan.org
From: Андрей Костенко <andrey [...] kostenko.name>
Thank you for the report. Sorry for my late response. I've fixed it.

On Thu, Sep 9, 2010 at 9:24 AM, Andreas Koenig via RT <bug-Algorithm-FloodControl@rt.cpan.org> wrote:
> Queue: Algorithm-FloodControl
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=59486 >
>
> I have retried to see what cpansign -v gives me and it has a different
> error message this time:
>
> % cpansign -v
> Executing gpg --verify --batch --no-tty
> --keyserver=hkp://pool.sks-keyservers.net:11371
> --keyserver-options=auto-key-retrieve SIGNATURE
> gpg: Signature made Thu 22 Jul 2010 03:06:54 PM CEST using RSA key ID
> 0B1DF7D5
> gpg: requesting key 0B1DF7D5 from hkp server pool.sks-keyservers.net
> gpgkeys: key 824C423F0B1DF7D5 not found on keyserver
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> gpg: Can't check signature: public key not found
>
> So it seems to me you were signing the correct files for the 2.000000
> version but the key you're signing with is not uploaded to any public
> keyserver. Could you try to upload your key with something like
>
> gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 0B1DF7D5
>
> ? That would then enable gnupg to verify the signature against that ID.
>
> Thanks,
>
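
Added example, not part of the ticket and not Module::Signature's own code: a Python sketch of the digest comparison behind the "MISMATCHED content" message in the first report, which can fail even when gpg reports a good signature on SIGNATURE. It assumes the `SHA1 <digest> <filename>` line layout visible in the diff above inside a clearsigned block; the function names are hypothetical, and the PGP signature itself is not checked here (that is the separate gpg step the second report is about).

```python
import hashlib
import tempfile
from pathlib import Path

ALGOS = {"SHA1": "sha1", "SHA256": "sha256"}  # assumption: only these digest labels are handled

def parse_signature(text):
    """Return {filename: (hashlib_name, hexdigest)} from the clearsigned body of SIGNATURE."""
    entries, in_body, past_headers = {}, False, False
    for line in text.splitlines():
        if line == "-----BEGIN PGP SIGNED MESSAGE-----":
            in_body, past_headers = True, False
        elif line == "-----BEGIN PGP SIGNATURE-----":
            break
        elif in_body and not past_headers:
            past_headers = line == ""        # armor headers such as "Hash: SHA1" end at a blank line
        elif in_body:
            line = line[2:] if line.startswith("- ") else line   # undo OpenPGP dash-escaping
            parts = line.split(" ", 2)
            if len(parts) == 3 and parts[0] in ALGOS:
                entries[parts[2]] = (ALGOS[parts[0]], parts[1])
    return entries

def check_distribution(dist_dir, signature_text):
    """Compare each listed digest with the file on disk; return {filename: status}."""
    report = {}
    for name, (algo, expected) in parse_signature(signature_text).items():
        path = Path(dist_dir) / name
        if not path.is_file():
            report[name] = "MISSING"
            continue
        actual = hashlib.new(algo, path.read_bytes()).hexdigest()
        report[name] = "ok" if actual == expected else "MISMATCH"
    return report

def demo():
    """Constructed sample: Changes is edited after SIGNATURE was generated, README is deleted."""
    files = {"Changes": b"1.99\n", "MANIFEST": b"Changes\nMANIFEST\nREADME\n", "README": b"x\n"}
    listed = [f"SHA1 {hashlib.sha1(data).hexdigest()} {name}" for name, data in files.items()]
    sig = "\n".join(["-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "", *listed,
                     "-----BEGIN PGP SIGNATURE-----", "(constructed, no real signature)"])
    files["Changes"] = b"2.00\n1.99\n"       # release edit made without re-signing
    del files["README"]
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            (Path(d) / name).write_bytes(data)
        return check_distribution(d, sig)

if __name__ == "__main__":
    print(demo())
```

A clean digest report only means something once gpg has verified SIGNATURE against a key you trust, since anyone who can alter the files can also rewrite the digest list.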