On Thu, 2019-05-16 at 13:59 -0700, Linus Torvalds wrote:
> On Thu, May 16, 2019 at 1:34 PM Arnd Bergmann <arnd@xxxxxxxx> wrote:
> >
> >
> > I have reconfigured it locally now and pushed an identical tag with
> > a
> > new signature. Can you see if that gives you the same warning if
> > you
> > try to pull that?
>
> No, same issue:
The problem seems to be this:
jejb@jarvis:~> gpg --list-keys 60AB47FFC9095227
pub rsa4096 2011-10-27 [C]
88AFCD206B1611957187F16B60AB47FFC9095227
sub rsa4096 2011-10-27 [E]
Your key is a "Certification key" and you have an encryption subkey but
no signing key at all. Usually you either have a signing subkey or
your master key is both certification and signing ([CS] flags).
Certification keys can only be used to certify other keys, they can't
be used for signing, but I bet gpg is assuming that it can sign with
the master key even if it doesn't possess the signing flag.
You can make your master key a signing key by doing
gpg --expert --edit-key 60AB47FFC9095227
Then doing
gpg> change-usage
and selecting "toggle sign"
Or you could just add a signing subkey.
In either case you'll need to save and sign the changes and then push
to a keyserver for the rest of us to see it.
James
