Your message dated Mon, 29 Jul 2024 07:51:10 +0000
with message-id <[email protected]>
and subject line Bug#1070700: fixed in rust-sequoia-chameleon-gnupg 0.10.1-1
has caused the Debian Bug report #1070700,
regarding gpgv-from-sq: apt complains "Unknown response from gpgv to --assert-pubkey-algo check: gpgv:   error: Error parsing command-line arguments"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1070700: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070700
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gpgv-from-sq
Version: 0.8.0-5
Control: affects -1 + apt
Control: forwarded -1 + https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/68

As of 50e3fee26ae843a812b1c9ec8531946931773fd3, apt 2.7.13 started
trying to use --assert-pubkey-algo, which appears to have been hastily
added to GnuPG in 2.4.5 in response to https://dev.gnupg.org/T6946
(itself an outgrowth of https://bugs.debian.org/1042391)

It strikes me that a better approach would have been to simply have
GnuPG improve the default policy about what signatures are acceptable,
and bring them into alignment with the upcoming requirements for the
replacement of RFC 4880
(https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/).

Anyway, the way that apt is testing for the presence of this option is
quite brittle: it first tests whether the option is there or not, by
trying to use it and inspecting the format of the string emitted on
stderr.  While gpgv-sq doesn't currently accept the option, its error
messages aren't the same as g10code's implementation of gpgv.

The result is that when gpgv-from-sq is installed, apt complains about
each configured repository:

     Unknown response from gpgv to --assert-pubkey-algo check: gpgv:   error: Error parsing command-line arguments"

So one of three things should happen:

- gpgv-sq could implement --assert-pubkey-algo, which afaict is fairly
  ill-defined.

- gpgv-sq could adjust its error messages to match the regex that apt is
  using during its test.

- apt should relax its test for --assert-pubkey-algo so that it is less
  brittle.

Even better, apt could adopt the `sopv` interface, which has a more
structured, simple, and formal definition, and then depend by default on
a sopv implementation that is already known to support the reasonable
policies described here.

         --dkg



--- End Message ---
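
The stderr-based feature probe described in the report above, as an added example that is not part of the original message and is not apt's code. The stub verifiers, their exit codes and the two GnuPG-style messages are assumptions constructed for illustration; only the third message is taken from the report. The relaxed variant sketches the report's third option.

```sh
#!/bin/sh
# Constructed stand-ins for three verifiers probed with a bare option.
# The exit codes and the first two messages are assumptions; the third
# message is the one quoted in the report.
fake_has_option() { echo 'gpgv: missing argument for option "--assert-pubkey-algo"' >&2; return 2; }
fake_no_option()  { echo 'gpgv: invalid option "--assert-pubkey-algo"' >&2; return 2; }
fake_other_impl() { echo 'gpgv:   error: Error parsing command-line arguments' >&2; return 1; }

# Run the verifier named in $1 with the bare option; keep stderr and status.
run_probe() {
    status=0
    err=$("$1" --assert-pubkey-algo 2>&1 >/dev/null) || status=$?
}

# Strict probe: both answers depend on the exact wording of stderr.
probe_strict() {
    run_probe "$1"
    case "$err" in
        *'missing argument for option "--assert-pubkey-algo"'*) echo supported ;;
        *'invalid option "--assert-pubkey-algo"'*)              echo unsupported ;;
        *)                                                      echo unknown ;;
    esac
}

# Relaxed probe: only the positive marker is matched. Any other failure
# means the option cannot be relied on, whatever the wording.
probe_relaxed() {
    run_probe "$1"
    if [ "$status" -eq 0 ]; then
        echo unknown    # a bare option should never succeed
        return 0
    fi
    case "$err" in
        *'missing argument for option "--assert-pubkey-algo"'*) echo supported ;;
        *)                                                      echo unsupported ;;
    esac
}

for v in fake_has_option fake_no_option fake_other_impl; do
    printf '%-16s strict=%-12s relaxed=%s\n' "$v" "$(probe_strict "$v")" "$(probe_relaxed "$v")"
done
```

With the relaxed probe, an `unsupported` result means the caller cannot delegate the algorithm check to the verifier and has to apply its own policy before trusting the signature.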
--- Begin Message ---
Source: rust-sequoia-chameleon-gnupg
Source-Version: 0.10.1-1
Done: Holger Levsen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rust-sequoia-chameleon-gnupg, which is due to be installed in the Debian FTP
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated rust-sequoia-chameleon-gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Jul 2024 16:39:06 +0900
Source: rust-sequoia-chameleon-gnupg
Architecture: source
Version: 0.10.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 1070700 1073272 1074652
Changes:
 rust-sequoia-chameleon-gnupg (0.10.1-1) unstable; urgency=medium
 .
   * Package sequoia-chameleon-gnupg 0.10.1 from crates.io using debcargo 2.6.1
     Closes: #1073272, #1074652, #1070700.




--- End Message ---
