inkscape.org reports broken extension signature
I hope this is the correct place to report inkscape.org website issues…
Summary:
I recently joined inkscape.org and uploaded my first Inkscape extension, Snap Object Points, and the associated detached GPG signature. Although the signature verifies locally, the website claims it does not:
Steps to reproduce:
- Download
snap-objects.zip
. - Download
snap-objects_9uoUDtx.sig
- Download my public key, say as
pakin.asc
. - Convert my public key from ASCII to binary:
$ gpg --dearmor --output pakin.gpg pakin.asc
- Verify that the signature is valid:
$ gpg --no-default-keyring --keyring ./pakin.gpg --verify snap-objects_9uoUDtx.sig snap-objects.zip
gpg: Signature made Sun 22 Nov 2020 01:55:52 AM MST
gpg: using RSA key 888E96CCB15F8E476D4A1F456F7F752CCCA3F9F5
gpg: Good signature from "Scott Pakin <scott+gpg@pakin.org>" [ultimate]
gpg: aka "Scott Pakin <scott@pakin.org>" [ultimate]
gpg: aka "Scott Pakin <pakin@lanl.gov>" [ultimate]
What happened?
Command-line validation passes, but https://inkscape.org/~pakin/%E2%98%85snap-object-points shows a "broken signature or hash" icon.
What should have happened?
https://inkscape.org/~pakin/%E2%98%85snap-object-points should be showing a "valid signature" icon.
Version Info:
N/A