Ben Finney <bign...@debian.org> writes:
> I am preparing a new version of ‘dput’ that stops using ‘/usr/bin/gpg’,
> and instead uses the GPGME library for GnuPG operations.
> If your packaging workflow has unusual signing practices, or an unusual
> GnuPG configuration, your help will be especially valuable to test this
In particular I am seeking workflows and tests that:
* Use signatures from keys that are now expired, or from keys that your
GnuPG doesn't trust, or from keys that your GnuPG doesn't know.
* Use signatures that are well-formed but fail to verify, or that are
good but very old, or that are from the future.
* Use non-default hash algorithms, or non-default options that would
otherwise affect the generated signature.
* Use GnuPG version 1 on a system with GnuPG 2, or vice versa.
* Use outdated versions of GPGME.
I'm also hoping some people interested in back-porting ‘dput’ to older
Debian releases can help test these changes on those systems.
Please contact me at <d...@packages.debian.org> to offer your packaging
system to test this new release.
\ “Good judgement comes from experience. Experience comes from |
`\ bad judgement.” —Frederick P. Brooks |