Launchpad itself

Already imported key and key for Team PPA

Asked by Kentaro Hayashi

Background:

I've want to use launchpad.net to release a package for Groonga (http://groonga.org), then at first, I've created account for groonga(Not the team, launchpad id for groonga) and imported key for groonga (<email address hidden> - 45499429) .

After a while, I've reconsidered to use Team PPA is better instead of groonga account's PPA. so I've deactivated groonga account and created Team 'Groonga'

https://launchpad.net/~groonga

Then I've joined the Team. When I (member of Team Groonga) imported the key for groonga (fingerprint: C97E 4649 A205 1D0C EA1A 73F9 72A7 496B 4549 9429), launchpad says "
The key C97E4649A2051D0CEA1A73F972A7496B45499429 has already been imported. ".

Question:
1. I want to use the key for <email address hidden>, but I can't. what should I do? I've created groonga account at first, does it causes a this problem?
2. I want to use the key (<email address hidden>) and share it with the granted person - who joined the team Groonga, so if I could n't have enough time to release packages, another person take it. to accomplish such a workflow, what should each person do?
I guess that each person import the same key, above issue(1.) occurs again. Or if there is the person which imports the key, and that accout is active, is there nothing to do with it?

Question information

Language:
English Edit question
Status:
Solved
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Solved by:
Kentaro Hayashi
Solved:
Last query:
Last reply:
Revision history for this message
William Grant (wgrant) said : 		#1

It's not possible to share a single OpenPGP key between multiple Launchpad accounts. Each user who needs to upload must create their own personal key and sign the packages they upload with that.

Users downloading packages from the PPA don't see the signatures from the uploaded packages, so they don't need to know about these personal keys. Instead, they verify packages using the PPA-wide signing key that is automatically generated and held by Launchpad.

Revision history for this message
Kentaro Hayashi (kenhys) said : 		#2

Thanks. I've got it. I found that signing by another key and dput works.

By the way, I can accomplish purpose by using another key, but "Already imported key" problem (Question 1) is still exists. what's wrong?

Revision history for this message
William Grant (wgrant) said : 		#3

The key is permanently bound to that account, if the account no longer exists.

Revision history for this message
William Grant (wgrant) said : 		#4

*Even* if the account no longer exists, that is.

Revision history for this message
Kentaro Hayashi (kenhys) said : 		#5

It means:

"if you migrate existing user account(groonga) to Team(groonga), you should remove OpenPGP key at that time.
As you didn't it, so you can't use key which is bound to user account(groonga) anymore in this case."

Does it correct?

Revision history for this message
William Grant (wgrant) said : 		#6

It's not possible to disassociate the OpenPGP key even if you don't remove the account. Once a fingerprint is associated with a Launchpad account, it can never be moved to another Launchpad account.

Revision history for this message
Kentaro Hayashi (kenhys) said : 		#7

Thanks!

I see, It's very helpful.