Package: devscripts Version: 2.15.8~bpo8+1 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
There are a few related shortcomings with the documentation of pgpsigurlmangle and the related lintian tag debian-watch-may-check-gpg-signature. 1) The uscan manpage says: "This signature must be made by a key found in the keyring debian/upstream/signing-key.pgp or the armored keyring debian/upstream/signing-key.asc." - - What is an armored keyring? - - Isn't it, that the .asc file is just one public key as produced by gpg --armor --export $KEYID? - - Please give an example how to correctly produce this file. - - How can I produce a keyring .pgp file? - - Which format should be preferred? I don't like choices. 2) There is no example of a full watch file with a pgpsigurlmangle option. I needed several tries to get it right because it was the first time that I had to produce a non trivial watch file with an option. I believe that many others might be in the same situation. Please add an example to the uscan manpage or the lintian tag or both. 3) The lintian tag says: "verified against a keyring stored in debian/upstream-signing-key.asc" The manpage does not mention this file. It seems that the code still uses it, but it is confusing. 4) How about a script, that checks all watch files, tries GET requests against $URL.sig, $URL.asc and proposes a new watch file to the maintainer in case it finds something? Thomas Koch - -- Package-specific info: - --- /etc/devscripts.conf --- - --- ~/.devscripts --- DEBSIGN_KEYID="042BA65A" DEBUILD_DPKG_BUILDPACKAGE_OPTS="-i\.git -I.git" DEBEMAIL="tho...@koch.ro" DEBFULLNAME="Thomas Koch" BTS_INTERACTIVE=yes BTS_DEFAULT_CC="tho...@koch.ro" - -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.1.0-0.bpo.1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages devscripts depends on: ii dpkg-dev 1.17.25 ii libc6 2.19-18 ii perl 5.20.2-3+deb8u1 ii python3 3.4.2-2 pn python3:any <none> Versions of packages devscripts recommends: ii at 3.1.16-1 ii curl 7.38.0-4+deb8u2 ii dctrl-tools 2.23 ii debian-keyring 2015.04.10 ii dput 0.9.6.4 ii equivs 2.0.9 ii fakeroot 1.20.2-1 ii file 1:5.22+15-2 ii gnupg 1.4.18-7 ii libdistro-info-perl 0.14 ii libencode-locale-perl 1.03-1 ii libjson-perl 2.61-1 ii liblwp-protocol-https-perl 6.06-2 ii libsoap-lite-perl 1.11-1 ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 ii lintian 2.5.35~bpo8+1 ii man-db 2.7.0.2-5 ii patch 2.7.5-1 ii patchutils 0.3.3-1 ii python3-debian 0.1.27 ii python3-magic 1:5.22+15-2 ii sensible-utils 0.0.9 ii strace 4.9-2 ii unzip 6.0-16 ii wdiff 1.2.2-1 ii wget 1.16-1 ii xz-utils 5.1.1alpha+20120614-2+b3 Versions of packages devscripts suggests: ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2 ii build-essential 11.7 pn cvs-buildpackage <none> pn debbindiff <none> ii devscripts-el 35.12 ii gnuplot 4.6.6-2 ii gpgv 1.4.18-7 ii libauthen-sasl-perl 2.1600-1 ii libfile-desktopentry-perl 0.07-1 ii libnet-smtp-ssl-perl 1.01-3 pn libterm-size-perl <none> ii libtimedate-perl 2.3000-2 pn libyaml-syck-perl <none> ii mutt 1.5.23-3 ii openssh-client [ssh-client] 1:6.7p1-5 pn svn-buildpackage <none> ii w3m 0.5.3-19 - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV1s9+AAoJEAf8SJEEK6Za6PkP/3TiZFiDqh8XFe5h6ycs7NtC 7YlVkoZAQ6LHzH4qFJo3xmnjSdMtX+t8f0uyAUijCIVKR0eFFl+IhcymzhMuHZve ddU8UouXZWm4jkUfXluyoJkHJkEWri90nZaq1F6iCMmJCljKVK0J4XZP4OJlZZ3k 6ka26KBkDp+wTTAPUWrRDckYsxMN60mOo+2OAGm+Gmyg5/QKcdf/VoKUWnLBt1ak /l7uRSRd422CWDOqQJX1MpPM5nz65f16S1+AEWtkMnq3BxrfFKkudD26dam+lnLo en1V6Ia1/uMS1/jgzrJsxpGn6kHrSVQkqcKRco+5yiGRYylvcQG237Gh04LAiCO2 IctQCtG05mGUPKBR44PMULgal18JkAwgZB5Ty9z+hNugiOGsuQOIV9u8MdKs1ll6 nqT+QzlttS1nFeHtB39RfNHF319DDsE5Wfuh3GZdi0sRXPUdncY7tncqJ3AVRQUx 475LdfmkRh81IMoKaFbJy3MayVAbT2LOtsU2+SJlzRJtueVyTukuBUR0vkflPB2d JPFJW8UgG6v2sLZu9f11nsh60MkugO1iDfcO+HRXXSZQ47Noyr7YPqzdAs0dzJNH XQBYLv7tNs1g0v4I2CnY3zCr+TLk0gTdidisvKINWwy7uXUkho0nwFJuYYcGzn3l oEKKgNOqWP5OshvrK1dt =puBp -----END PGP SIGNATURE-----