Comment 9 for bug 1700846

Dan Streetman (ddstreet) wrote :

This problem was not that the encoding was non-utf8, python-debian correctly detects that and uses chardet to autodetect the right encoding. That 'decoding from utf-8 failed' message is harmless.

The problem here is that the old package signature required a public key that's no longer in the keyring; ubuntutools/ treats that as an error and fails the sig verification, which errors out pull-debian-source. This 'works' for pull-lp-source because it uses UbuntuSourcePackage which inherits from SourcePackage which calls check_dsc() without verification turned on. Only DebianSourcePackage calls check_dsc() with verify_signature=True, so dsc sig verification is done only for debian packages.

I have already fixed this in my rewrite of pull-* in bug 1453330, by defaulting to verify the signature, but only printing a warning if it detects the public key isn't available. I also added the --no-verify-signature param (defaulting to false; do verification by default).

Also note that in trusty, the public key for this package version *is* in the keyring (in my test container, at least) and signature verification succeeds. In xenial and later, the public key isn't found.

Please feel free to merge bug 1453330 which will fix this bug for pull-debian-source (and, will change pull-lp-source and pull-uca-source to actually start verifying dsc signatures).