New PAUSE signing key, new problems.
Again, checksum signatures seemed to have been the reason the CPAN module did not want to install modules. I saw an error message suggesting I should remove a particular CHECKSUM file from the local CPAN cache. This did not work however, as the newly retrieved one had the same problem. Reverse engineering revealed that gpg is called by the CPAN module with options to have it automatically download keys from keyserver.ubuntu.com. Only, apparently the key could not be downloaded. Ah yes, there is a PAUSE Batch Signing Key 2025. I found it on pgpkeys.eu, as well as on the PAUSE about page, and imported it manually to my keyring. Now the cpan command is working again.
In case you want to check:
PAUSE Batch Signing Key 2025 <pause@pause.perl.org>
Primary key fingerprint: 2E66 557A B97C 19C7 91AF 8E20 328D A867 450F 89EC
Subkey fingerprint: 1660 C9E7 C4AC 9195 3F49 8072 7C53 022A 40AD 6B1B
I am not quite sure what the actual problem was, only that it was fixed by (re-)importing a PAUSE key. I am running gpg (GnuPG) 2.2.43 on a Debian testing (trixie) machine. I may be in a minority using the cpan command rather than cpanplus, cpanm or whatnot, and having check_sigs configured to true. I do know I am an advocate for code signing and would like more authors to use Module::Signature though.
-Martin
In reply to More signature problems (was: Where do I find the current PAUSE batch signing key?)
by martin
in thread Where do I find the current PAUSE batch signing key?
by martin
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |