harmless but unpleasant-looking errors from gpg in t2u report emails

Eg

Subject: [tag2upload 61] uploaded dgit-test-dummy 1.109

...
To git+ssh://push.dgit.debian.org/dgit/debian/repos/dgit-test-dummy.git
   d8e42cc..fdd74e5  fdd74e570fe5d312efad62ef4b1c63228c6a4729 -> refs/dgit/rc-buggy
 * [new tag]         archive/debian/1.109 -> archive/debian/1.109
 * [new tag]         debian/1.109 -> debian/1.109
 signfile dsc dgit-test-dummy_1.109.dsc 374D8CE4DB96E9CBD4C0972A606D084E4683C079

 fixup_buildinfo dgit-test-dummy_1.109.dsc dgit-test-dummy_1.109_source.buildinfo
 signfile buildinfo dgit-test-dummy_1.109_source.buildinfo 374D8CE4DB96E9CBD4C0972A606D084E4683C079

 fixup_changes dsc dgit-test-dummy_1.109.dsc dgit-test-dummy_1.109_dgit.changes
 fixup_changes buildinfo dgit-test-dummy_1.109_source.buildinfo dgit-test-dummy_1.109_dgit.changes
 signfile changes dgit-test-dummy_1.109_dgit.changes 374D8CE4DB96E9CBD4C0972A606D084E4683C079

Successfully signed dsc, buildinfo, changes files
gpg: ../bpd/dgit-test-dummy_1.109_source.changes: Error checking signature from 606D084E4683C079: SignatureVerifyError: 0
gpg: ../bpd/dgit-test-dummy_1.109.dsc: Error checking signature from 606D084E4683C079: SignatureVerifyError: 0
Checking signature on .changes
Checking signature on .dsc
Uploading to ftp-master (via ftp to ftp.upload.debian.org):
  Uploading dgit-test-dummy_1.109.dsc: done.
  Uploading dgit-test-dummy_1.109.tar.gz: done.
  Uploading dgit-test-dummy_1.109.git.tar.xz: done.
  Uploading dgit-test-dummy_1.109_source.buildinfo: done.
  Uploading dgit-test-dummy_1.109_source.changes: done.
Successfully uploaded packages.
dgit (build host) ok: pushed and uploaded 1.109

It's not quite clear to me what is generating those messages, but I think it is probably dput. I think the t2u oracle public key isn't in the builder VM where dput will find it.

Passing -u to dput to make it not check the signature would seem reasonable. I'm not sure if this should be specific to t2u, or always done for rpush, or just always done when dgit invokes dput.

Not that dput carries on anyway so it's just a message. And one point of rpush is that you might not have your key available on the build host.

In favour of always suppressing this check: dgit knows that it just made these signatures. (And I think it verified them too.)

A complication is that dupload doesn't seem to have the -u or --unchecked option. So I'm not sure if there is a problem for people who've told dput to use dupload instead.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information