Your message dated Thu, 13 Oct 2022 23:08:18 +0200
with message-id <Y0h+QgF6kbMim/[email protected]>
and subject line Re: Bug#882694: [sysadmin] Signatures on uncompressed archives
has caused the Debian Bug report #882694,
regarding dpkg-source: please add support for upstream signature on
uncompressed tarball
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
882694: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882694
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg-dev
Version: 1.19.0.4
Severity: wishlist
Dear Maintainer,
Upstream software hosted on kernel.org usually has the uncompressed
tarball signed, but not the gzip or xz compressed one [1] [2]. I guess
the goal is to sign a single tarball instead of two. dpkg-source does
not seem to support this and expects the signature to be on the
compressed tarball.
Would it be possible to support such a scheme on the dpkg-source side?
Thanks,
Aurelien
[1] https://www.kernel.org/pub/linux/utils/usb/usbutils/
[2] https://www.kernel.org/pub/software/utils/i2c-tools/
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dpkg-dev depends on:
ii binutils 2.29.1-8
ii bzip2 1.0.6-8.1
ii libdpkg-perl 1.19.0.4
ii make 4.1-9.1
ii patch 2.7.5-1+b2
ii perl 5.26.1-2
ii tar 1.29b-2
ii xz-utils 5.2.2-1.3
Versions of packages dpkg-dev recommends:
ii build-essential 12.4
ii fakeroot 1.22-2
ii gcc [c-compiler] 4:7.2.0-1d1
ii gcc-6 [c-compiler] 6.4.0-10
ii gcc-7 [c-compiler] 7.2.0-16
ii gnupg 2.2.2-1
ii gnupg2 2.2.2-1
ii gpgv 2.2.2-1
ii libalgorithm-merge-perl 0.08-3
Versions of packages dpkg-dev suggests:
ii debian-keyring 2017.08.28
-- no debconf information
--- End Message ---
--- Begin Message ---
Hi!
On Tue, 2021-11-09 at 02:08:29 +0100, Guillem Jover wrote:
> Control: tag -1 wontfix
[…]
> I'm thus marking this wontfix and will be closing shortly.
Given the previous rationale, why supporting this would be rather
cumbersome, but more importantly would lower security, I'm closing
this now.
Thanks,
Guillem
--- End Message ---
