This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2a23a33da602624e927e7db7d8cc1808a6b38a2c commit 2a23a33da602624e927e7db7d8cc1808a6b38a2c Author: Guillem Jover <[email protected]> AuthorDate: Sat May 24 04:59:49 2025 +0200 Dpkg::Source::Package: Print a notice when verifying .dsc signatures This should make it clear that we are verifying the OpenPGP signatures, and not make this a silent operation, which is relevant to the user and how this ties into the security of the artifacts. --- scripts/Dpkg/Source/Package.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index 9c2f23cd0..33e6501b1 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm @@ -525,6 +525,8 @@ sub check_signature { my $dsc = $self->get_filename(); my @certs; + info(g_('verifying %s'), $dsc); + push @certs, $self->{openpgp}->get_trusted_keyrings(); foreach my $vendor_keyring (run_vendor_hook('package-keyrings')) { -- Dpkg.Org's dpkg
