Created attachment 140691 [details] gpg session for key verification SUMMARY The package digiKam-7.3.0-MacOS-x86-64.pkg fails PGP signature verification with the key digikamdeveloper@gmail.com (D1CF 2444 A785 8C5F 2FB0...). Other downloads, for example the 7.2.0 macOS package and the 7.3.0 Windows package pass the verification step, so something is wrong with this specific package. STEPS TO REPRODUCE 1. Download digiKam-7.3.0-MacOS-x86-64.pkg from any mirror 2. Download the accompanying PGP signature 3. Import the digiKam public key. 4. Verify the signature with gpg --verify <>.sig <>. OBSERVED RESULT gpg reports that the package signature is invalid. EXPECTED RESULT gpg reports that the package signature is valid. SOFTWARE/OS VERSIONS Windows: macOS: 11.5.2 Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: ADDITIONAL INFORMATION
Same problem for me, even if i want to verify the digiKam-7.3.0-MacOS-x86-64.pkg in a linux machine, gpg reports that the package signature is invalid. The 7.2.0 was checked correctly for me. Why is this not fixed since over a month now?
Frank, Stable digiKam 7.4.0 MacOS Package is published. Please check if problem is reproducible. Thanks in advance Gilles Caulier
The problem appears to be fixed in the digiKam 7.4.0 macOS release. The PGP signature is valid using the public key from digiKam.org (digikamdeveloper@gmail.com) with fingerprint D1CF 2444 A785 8C5F 2FB0 95B7 4A77 747B C238 6E50. Many thanks.