There are a few packages(1) in unstable who's .dsc file cannot be verified as the key is not available, i assume that the key has been revoked and removed from debians keyring. I think if a developer does revoke their key, then they should resign and reupload all their packages. If they dont and its ok for packages to exist without a valid signature then there isnt really much point in signing any packages, it gives a false sense of security. If users see a package that fails to verify then they should be thinking "well, im not going to trust that package", but as it is they are more likely to think "the maintainer probably revoked his key, it happens all the time, itll be right". Is my thinking flawed here ? Glenn (1) I only checked a little way into the archive and found ascpu_1.9-2.dsc asmix_1.3-2.dsc asmem_1.8-2.dsc glib-reference_000826-2.dsc gtk-reference_000826-2.dsc ude_0.2.6b-BETA-3.dsc gnat-glade-doc_3.13p-1.dsc wn_2.2.9-1.dsc gforth_0.5.0-1.dsc libmail-imapclient-perl_1.15-1.dsc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
