Skip Menu |

This queue is for tickets about the CPAN CPAN distribution.

Report information
The Basics
Id: 95835
Status: open
Priority: 0/
Queue: CPAN

People
Owner: Nobody in particular
Requestors: dolmen [...] cpan.org
Cc: ribasushi [...] leporine.io
AdminCc:

Bug Information
Severity: (no value)
Broken in: 2.05
Fixed in: (no value)



Subject: Is suggestion of "gpg --lsign-key 450F89EC" useful?
When installing CPAN 2.05 I have this in the output: Importing PAUSE public key into your GnuPG keychain... done! (You may wish to trust it locally with 'gpg --lsign-key 450F89EC') So I tried to do what is advised: $ LC_ALL=C gpg --lsign-key 450F89EC pub 1024D/450F89EC created: 2003-02-03 expires: 2015-06-30 usage: SC trust: unknown validity: unknown sub 2048g/D7B08B68 created: 2003-02-03 expired: 2005-02-02 usage: E sub 2048g/D18F70FF created: 2005-01-09 expired: 2007-02-28 usage: E sub 2048g/B49DE1AF created: 2007-01-01 expired: 2009-06-30 usage: E sub 2048g/035AFFBD created: 2009-01-22 expired: 2011-06-30 usage: E sub 2048g/7E1B2FA1 created: 2011-03-06 expired: 2013-06-30 usage: E sub 2048g/305B50EC created: 2013-05-04 expires: 2015-06-30 usage: E [ unknown] (1). PAUSE Batch Signing Key 2015 <pause@pause.perl.org> [ unknown] (2) PAUSE Batch Signing Key 2003 <pause@pause.perl.org> [ unknown] (3) PAUSE Batch Signing Key 2005 <pause@pause.perl.org> [ unknown] (4) PAUSE Batch Signing Key 2007 <pause@pause.perl.org> [ unknown] (5) PAUSE Batch Signing Key 2009 <pause@pause.perl.org> [ unknown] (6) PAUSE Batch Signing Key 2011 <pause@pause.perl.org> Really sign all user IDs? (y/N) y gpg: no default secret key: secret key not available Key not changed so no update needed. So, it appears that "gpg --lsign-key" did nothing. Is there something wrong happening? If not, is it worth suggesting this? -- Olivier Mengué - http://perlresume.org/DOLMEN

On 2014-05-22 02:49:53, DOLMEN wrote:
> gpg: no default secret key: secret key not available

This suggests you don't have GPG configured sufficiently for *signing* or *encrypting* things, so you can't "sign" a key to because you don't have a private key configured to sign *with*

That is to say, I'd expect that:

echo hello | gpg -a -s

is similarly useless on your present configuration.

Though "how to configure GPG and how to create a GPG key pair" is probably too complex to explain in an installer log.

However, "gpg --lsign-key 450F89EC" does indeed work for me, as I have GPG configured with a default key.