Source: dulwich Version: 0.24.10-1 Severity: serious https://ci.debian.net/packages/d/dulwich/testing/amd64/68554341/ shows:
UNEXPECTED SUCCESS: test_verify_invalid_signature (tests.test_signature.GPGSignatureVendorTests.test_verify_invalid_signature) Test that verify raises an error for invalid signatures. Looking at https://salsa.debian.org/python-team/packages/dulwich/-/blob/debian/main/debian/patches/03_fix_gpg_signature_verification_test, the second paragraph of the description ("This patch also ensures that all GPGMEError exceptions (not just BadSignatures) are properly caught and wrapped in BadSignature exceptions") doesn't seem to match the actual patch. Jelmer, is it possible you forgot to add part of the patch? Thanks, -- Colin Watson (he/him) [[email protected]] -- System Information: Debian Release: forky/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 6.18.5+deb14-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
