Package: devscripts
Version: 2.10.7
Severity: important

dscverify relies on the keyring packaged in debian-keyring which has not had an upload since 2005. dscverify therefore fails to verify new DDs (like me) and wrongly verifies signatures of DDs who may have resigned or otherwise had their key removed from the keyring.

Isn't there a way for devscripts to sync the real Debian keyring in order to run dscverify, maybe with an '--update' option to refresh the local copy? As it stands, devscripts would be better off without dscverify because the results of dscverify are simply untrustworthy.

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.21-2-amd64

Debian Release: lenny/sid
  500 unstable www.linux.codehelp.co.uk
  500 unstable www.emdebian.org
  500 unstable ftp.uk.debian.org

--- Package information. ---
Depends          (Version) | Installed
==========================-+-===========
dpkg-dev                   | 1.14.5
debianutils       (>= 2.0) | 2.23.1
perl              (>= 5.8) | 5.8.8-7
sed              (>= 2.95) | 4.1.5-3
libc6           (>= 2.6-1) | 2.6.1-1

--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/