I noticed that this upload was signed by a different key, not the one in d/upstream/signing-key.asc:
$ uscan --download-current-version Newest version of squid on remote site is 6.10, specified download version is 6.10 gpgv: Signature made Sat 08 Jun 2024 11:53:47 AM -03 gpgv: using EDDSA key 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 gpgv: Can't check signature: No public key uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 77. The key 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 belongs to "Francesco Chemolli (code signing key) <kin...@squid-cache.org>"[1]. Please track down information about this change (upstream mailing list? Announcement of 6.10 or previous versions?), and also if this key was signed by the previous one[2], from 6.6: $ uscan --download-current-version Newest version of squid on remote site is 6.6, specified download version is 6.6 gpgv: Signature made Thu 07 Dec 2023 01:03:55 AM -03 gpgv: using RSA key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E gpgv: Good signature from "Amos Jeffries (Squid Signing Key) <squ...@treenet.co.nz>" Successfully symlinked ../squid-6.6.tar.xz to ../squid_6.6.orig.tar.xz. If all of this checks out, then please document it in d/changelog and update d/upstream/signing-key.asc with the new key. 1. https://keyserver.ubuntu.com/pks/lookup?search=29B4B1F7CE03D1B1DED22F3028F85029FEF6E865&fingerprint=on&op=index 2. https://keyserver.ubuntu.com/pks/lookup?search=B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E&fingerprint=on&op=index ** Changed in: squid (Ubuntu Noble) Status: In Progress => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073322 Title: Upstream microrelease 6.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2073322/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
