We likely need to update the email you send people in the CLA process as well as the Wiki pages online; or maybe the email has a pointer to the Wiki, which can have all kind of exceptions and use-cases resolved. ## begin email from Thomas Bleher I tried to get an Fedora account and had real difficulties signing the CLA so the script would accept it. I finally managed to do it and am writing you so you can either fix the script or amend the documentation. My key looks like this: $ gpg --list-keys 'Thomas Bleher' pub 1024D/B2F4ABE7 2004-01-30 uid Thomas Bleher <ThomasBleher> uid Thomas Bleher <thomas.bleher.de> uid Thomas Bleher <bleher.de> uid Thomas Bleher (Used for Archive Signing) <tbleher> sub 1024g/2A40FB55 2004-01-30 sub 1024D/5314F77F 2004-02-18 Notice the subkey. Normally I use 5314F77F to sign everything. But the script would always deny my request (I tried specifying both 5314F77F and B2F4ABE7 as my GPG key on the "Edit Account" page but it didn't make a difference). It finally worked after I told gpg explicitly to sign the message with my main key: $ gpg -a -u B2F4ABE7! --sign fedora-icla-tbleher.txt (Notice the ! which tells gpg that exactly this key should be used).
It would also be helpful if the reject mail included some information why the signature failed to verify (the gpg command line and output would already help a lot in some cases); in my case I first had a buggy gpg version which produced invalid output (--clearsign worked but -a --sign did not) - if the command output were included in the returned mail it would have been easier to figure out the problem.
This problem should no longer exist in FAS2 (since GPG signed emails are no longer required).