Package: devscripts
Version: 2.18.2
Severity: minor

When I build a package for uploading into Debian (i.e. no --binary-arch)
a .buildinfo file gets generated which contains the checksum of the .dsc
file, which at that time is unsigned.

When I later debsign, the .dsc file is signed alongside with the .changes
file; however, the .buildinfo file contains the hashes of the .dsc file.
(I could omit the .buildinfo file or regenerate it, but since .changes
also includes .buildinfo signature this becomes annoying really fast.)

Please just check the .dsc checksum in a .buildinfo file, during verifi‐
cation of the latter, also against the .dsc file contents with the sig‐
nature stripped *IFF* the .dsc file itself is signed *and* passes signa‐
ture checking.


-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages devscripts depends on:
ii  dpkg-dev    
ii  libc6                 2.27-3
ii  libfile-homedir-perl  1.002-1
ii  perl                  5.26.2-3
ii  python3               3.6.5-3
ii  sensible-utils        0.0.12

Versions of packages devscripts recommends:
ii  apt                         1.6.1
ii  at                          3.1.20-5
ii  curl                        7.58.0-2
ii  dctrl-tools                 2.24-2+b1
ii  debian-keyring              2018.03.24
ii  dput                        1.0.2
ii  equivs                      2.1.0
ii  fakeroot                    1.22-2
ii  file                        1:5.33-2
ii  gnupg                       2.2.5-1
ii  gnupg2                      2.2.5-1
pn  libdistro-info-perl         <none>
ii  libdpkg-perl      
ii  libencode-locale-perl       1.05-1
pn  libgit-wrapper-perl         <none>
pn  liblist-compare-perl        <none>
ii  liblwp-protocol-https-perl  6.07-2
pn  libsoap-lite-perl           <none>
pn  libstring-shellquote-perl   <none>
ii  liburi-perl                 1.74-1
ii  libwww-perl                 6.33-1
pn  licensecheck                <none>
ii  lintian                     2.5.86
ii  man-db                      2.8.3-2
ii  patch                       2.7.6-2
ii  patchutils                  0.3.4-2
ii  python3-apt                 1.6.0
ii  python3-debian              0.1.32
ii  python3-magic               2:0.4.15-1
ii  python3-requests            2.18.4-2
pn  python3-unidiff             <none>
pn  python3-xdg                 <none>
ii  strace                      4.21-1
ii  unzip                       6.0-21
ii  wdiff                       1.2.2-2+b1
ii  wget                        1.19.5-1
ii  xz-utils                    5.2.2-1.3

Versions of packages devscripts suggests:
ii  adequate                                  0.15.1
pn  autopkgtest                               <none>
pn  bls-standalone                            <none>
ii  bsd-mailx [mailx]                         8.1.2-0.20160123cvs-4
ii  build-essential                           12.5
pn  check-all-the-things                      <none>
pn  cvs-buildpackage                          <none>
pn  devscripts-el                             <none>
ii  diffoscope                                94
pn  disorderfs                                <none>
pn  dose-extra                                <none>
pn  duck                                      <none>
pn  faketime                                  <none>
pn  gnuplot                                   <none>
ii  gpgv                                      2.2.5-1
pn  how-can-i-help                            <none>
pn  libauthen-sasl-perl                       <none>
pn  libfile-desktopentry-perl                 <none>
pn  libnet-smtps-perl                         <none>
pn  libterm-size-perl                         <none>
ii  libtimedate-perl                          2.3000-2
ii  libyaml-syck-perl                         1.30-1
pn  mozilla-devscripts                        <none>
pn  mutt                                      <none>
ii  openssh-client [ssh-client]               1:7.7p1-2
pn  piuparts                                  <none>
ii  postgresql-client-10 [postgresql-client]  10.4-2
ii  quilt                                     0.63-8.2
pn  ratt                                      <none>
pn  reprotest                                 <none>
pn  svn-buildpackage                          <none>
ii  w3m                                       0.5.3-36+b1

-- no debconf information

Reply via email to