Bernhard Schmidt <be...@birkenwald.de> writes:

> Control: forwarded -1 https://salsa.debian.org/debian/libidn2/merge_requests/1
> Control: tags -1 patch
>
> On Fri, Nov 24, 2017 at 10:08:41AM +0100, Tim Rühsen wrote:
>> On 11/24/2017 09:40 AM, Simon McVittie wrote:
>> > Source: libidn2
>> > Version: 2.0.4-1.1
>> > Severity: normal
>> > 
>> > libidn2 contains both debian/upstream-signing-key.pgp and
>> > debian/upstream/signing-key.asc, which appears to have been a mistake.
>> > debian/upstream/signing-key.asc also appears to have unintended content.
>> > 
>> > debian/upstream-signing-key.pgp is 72K, which seems plausible for a public
>> > key (although the filename debian/upstream/signing-key.asc is preferred,
>> > and uscan(1) recommends using gpg --export --export-options export-minimal
>> > --armor to include only the public key, user IDs and self-signatures, and
>> > not signatures by other people, to reduce the size further). It has two
>> > user IDs:
>> > 
>> > % gpg --list-packets libidn2_2.0.4-1.1.debian/upstream-signing-key.pgp | grep ':user ID packet:'
>> > :user ID packet: "Simon Josefsson <si...@yubico.com>"
>> > :user ID packet: "Simon Josefsson <si...@josefsson.org>"
>> > 
>> > and it seems entirely plausible that Simon Josefsson is the only valid
>> > upstream release manager for libidn2.
>> 
>> Simon and me (Tim Rühsen <tim.rueh...@gmx.de>) - I signed the last few
>> upstream releases with key 0x08302DB6A2670428.
>
> I have made the proposed changes in a separate branch and added a merge
> request on Salsa.

Merged now, thank you!

/Simon
