Re: [arch-haskell] haskell-xml-conduit-1.2.3.3-78 invalid package?

On Mon, Apr 13, 2015 at 09:31:12AM +0100, SP wrote:

If you do clear the cache as Nicola suggested and you still have problems, please also tell us which mirror you are using.

-- SP

There are no haskell packages in the cache and I tried with both xsounds and your repo SP. There's something strange with that package on both of my systems. After sleeping last night, I took a fresh look at this. On that one file the finger print is a truncated version of the fingerprint of the other haskell packages that are trying to install at the same time. So I went ahead and deleted Magnus' key, ran pacman -Suy, let the key get automatically verified, and pacman again fails on that one file. This is what happens if run pacman-key againts it:

pacman-key -v haskell-xml-conduit-1.2.3.3-78-x86_64.pkg.tar.xz.sig ==> Checking haskell-xml-conduit-1.2.3.3-78-x86_64.pkg.tar.xz.sig ... gpg: assuming signed data in 'haskell-xml-conduit-1.2.3.3-78-x86_64.pkg.tar.xz' gpg: Signature made Sun 12 Apr 2015 11:43:13 AM PDT using DSA key ID A418C0FE gpg: BAD signature from "ArchHaskell (Magnus Therning) " [unknown]

If I do the same thing agains haskell-http-conduit, I get the full output about good signature, keys, fingerprints, and all that stuff.