Your message dated Sat, 07 Dec 2024 12:49:21 +0000
with message-id <[email protected]>
and subject line Bug#1010955: fixed in devscripts 2.24.6
has caused the Debian Bug report #1010955,
regarding uscan: configure multiple signature verification
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1010955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010955
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.22.1
Severity: wishlist
Hello,
The latest gnutls tarballs have multiple signatures. I would like
to have uscan succeed if at least one of signatories is listed in
debian/upstream/signing-key.asc. Uscan currently requires all signatures
to verify with no way to configure differently afaict.
8X--------------
ametzler@argenau:/tmp/GNUTLS/gnutls-3.7.4$ uscan --verbose --rename
[...]
uscan info: Requesting URL:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.5.tar.xz.sig
uscan info: Verifying OpenPGP signature ../gnutls-3.7.5.tar.xz.sig for
../gnutls-3.7.5.tar.xz
gpgv: Signature made Do 12 Mai 2022 15:15:36 CEST
gpgv: using EDDSA key 5D46CB0F763405A7053556F47A75A648B3F9220C
gpgv: Can't check signature: No public key
gpgv: Signature made Do 12 Mai 2022 16:54:05 CEST
gpgv: using RSA key 462225C3B46F34879FC8496CD605848ED7E69871
gpgv: Good signature from "Daiki Ueno <[email protected]>"
gpgv: aka "Daiki Ueno <[email protected]>"
uscan die: OpenPGP signature did not verify. at
/usr/share/perl5/Devscripts/Uscan/Output.pm line 60.
ametzler@argenau:/tmp/GNUTLS/gnutls-3.7.4$
8X--------------
cu Andreas
--- End Message ---
--- Begin Message ---
Source: devscripts
Source-Version: 2.24.6
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated devscripts package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Dec 2024 13:41:53 +0100
Source: devscripts
Architecture: source
Version: 2.24.6
Distribution: unstable
Urgency: medium
Maintainer: Devscripts Maintainers <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 1010955 1079186 1089087
Changes:
devscripts (2.24.6) unstable; urgency=medium
.
[ Jochen Sprickerhof ]
* debrebuild: fix build path. Closes: #1089087.
.
[ Daniel Kahn Gillmor ]
* Uscan/Keyring.pm:
- gpgv can use /dev/null for homedir.
- add helper functions for OpenPGP ASCII Armor.
- adopt Guillem Jover's suggested improvements for perl.
- remove dependency on /usr/bin/gpg.
- add OpenPGP verification support for sop. Closes: #1010955.
- clean up perl nits. (thanks, Guillem Jover!)
- clean up references to RFC 9580.
- avoid bareword constructions (thanks, Guillem.)
- check results of writing and closing.
- rely on sopv instead of sop, except for "sop armor".
- perltidy.
* d/control and README, documented uscan depends:
- remove gnupg from dependency annotations, encourage sop.
- use the sopv alternatives, rather than enumerate sopv's implementations.
.
[ Guillem Jover ]
* scripts/Makefile: Use dpkg-vendor directly instead of including
dpkg/mk/vendor.mk. Closes: #1079186.
.
[ Jacob Mealey ]
* wnpp-alert: fix typo in --help output.
.
[ Holger Levsen ]
* Update po4a.
Checksums-Sha1:
24f3985e81c84083ae67faad4397e0893308a5e4 3375 devscripts_2.24.6.dsc
60165726753832baa3d2843c3120f0ed65ddde81 1021500 devscripts_2.24.6.tar.xz
8feb3927753f2acb5dcee20f4ec91535b3d6beac 18180
devscripts_2.24.6_source.buildinfo
Checksums-Sha256:
6cd9d04e0765fe733893a620fc47a86fda2024ef2de61672aeefcbdf9568f6f0 3375
devscripts_2.24.6.dsc
0389da28aa6c55122ff1c3aaa1162ecb77488a7f76ecde91296d03a4a2f51d6e 1021500
devscripts_2.24.6.tar.xz
a128c322b3797bea5d11df70b6d566226e1d2bdf42fbad6c717aa2c336d93067 18180
devscripts_2.24.6_source.buildinfo
Files:
925f6e5ec2331e72bcf79326c6211711 3375 devel optional devscripts_2.24.6.dsc
f275b20bc0d953c28021968e13d9e8da 1021500 devel optional
devscripts_2.24.6.tar.xz
9ccf8b345723615946231e08fa9a97fc 18180 devel optional
devscripts_2.24.6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmdUQ2kACgkQCRq4Vgaa
qhyedBAAvKAtztSv3SQL8AeS0PHZF0k+lLi/aUHkJ4TgpsPnL9cNCkDvxWGtB3xU
9iGuuyHFTOwVcn0Ii4s5iFjTnFwE8eDxavYECB8MZ5JZRv6BZYY0xOt2J/OXSD7x
dx9c4WN9WBAssTvLbjmfYCIu4bvX+dHnKV3Njhvvc/jIp2u9wnFXFjfVj5Tr3EkI
dad8VREqJfP7j5aP+rPpNAzwokCVe6u77fmqij47PqPCYjcZZwgHZrAzNdLCajO0
d2KIgwhX43VTUuPBrf9AkSxMBwH4U0ySB5ssFAv/3ldqJbQxGGPTNQwgdsW7/8KC
mgMaTb0HKp+VbLISnJtiE/2pPj4wqkdr/rjt7l3EGHhDXgMgqizFQ+EJYt5CsDhb
wA2mSvihFAFvu3oXFQ1BAHUhZCVtJ2Sbj92Cndz5X03o6JfpC3xFuBcYOl6/LvYs
SQ6XMC0SNE5DavzQXPA3Olzdl3SVXjcc9HGsbDZGDD0dpTxRyhTIEsg63mmRT9fD
DOQU2xahv3qg9BHuV455cPxfqMkI99qtTZVIpJ/1aYdDM30tDsEPqjGu17q1xRZP
x1JbLsolzYE22sJUpOJ9WFtEH4xsHJyp8qi0Y8+oNcjlbbARvkTWGqpHjq5+9Ycs
R0nbqrZ98xu2wkRslxVikO46T+Gix4fQeJEDI31jibkza9smJeg=
=NNHX
-----END PGP SIGNATURE-----
pgpJwuacwM4wC.pgp
Description: PGP signature
--- End Message ---
