Bug 186963 - how to sign CLA with subkey
how to sign CLA with subkey
Product: Fedora Infrastructure
Classification: Retired
Component: Account System (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mike McGrath
Depends On:
  Show dependency treegraph
Reported: 2006-03-27 13:44 EST by Karsten Wade
Modified: 2008-03-17 14:00 EDT (History)
2 users (show)

See Also:
Fixed In Version: FAS2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-17 14:00:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karsten Wade 2006-03-27 13:44:20 EST
We likely need to update the email you send people in the CLA process as well as
the Wiki pages online; or maybe the email has a pointer to the Wiki, which can
have all kind of exceptions and use-cases resolved.

## begin email from Thomas Bleher
I tried to get an Fedora account and had real difficulties signing the
CLA so the script would accept it. I finally managed to do it and am
writing you so you can either fix the script or amend the documentation.

My key looks like this:
$ gpg --list-keys 'Thomas Bleher'
pub   1024D/B2F4ABE7 2004-01-30
uid                  Thomas Bleher <ThomasBleher@gmx.de>
uid                  Thomas Bleher <thomas.bleher@jmh.mhn.de>
uid                  Thomas Bleher <bleher@informatik.uni-muenchen.de>
uid                  Thomas Bleher (Used for Archive Signing) <tbleher@gmx.de>
sub   1024g/2A40FB55 2004-01-30
sub   1024D/5314F77F 2004-02-18

Notice the subkey. Normally I use 5314F77F to sign everything. But the
script would always deny my request (I tried specifying both 5314F77F and
B2F4ABE7 as my GPG key on the "Edit Account" page but it didn't make a
It finally worked after I told gpg explicitly to sign the message with
my main key:
$ gpg -a -u B2F4ABE7! --sign fedora-icla-tbleher.txt
(Notice the ! which tells gpg that exactly this key should be used).
Comment 1 Thomas Bleher 2006-03-27 16:21:28 EST
It would also be helpful if the reject mail included some information why the 
signature failed to verify (the gpg command line and output would already help 
a lot in some cases); in my case I first had a buggy gpg version which 
produced invalid output (--clearsign worked but -a --sign did not) - if the 
command output were included in the returned mail it would have been easier to 
figure out the problem. 
Comment 2 Ricky Zhou 2008-03-17 14:00:42 EDT
This problem should no longer exist in FAS2 (since GPG signed emails are no
longer required).

Note You need to log in before you can comment on or make changes to this bug.