On Fri, Oct 22, 1999 at 07:42:39PM -0400, Brian White wrote: > reopen 41794 > -- > > Nobody bothered to send any information about why this bug was closed, > but by looking through the logs... > > In the case of a key lookup in a ring, I can't see any reason why the > email address alone would not be enough to make it unique. It's not > a security thing since the security comes from having access to and > the passphrase for the private key, so it's simply a matter of convienence. > It would be convienent if dpkg wasn't so picky on this matter.
Appologies, it's been tedious work going through all the dpkg bugs, and I seem to have overlooked a few details in going through these. There is a higher issue at stake here though. The real problem is that having a maintainer address that is not referenced in the key ring is, IMO, bad. So by allowing a feature that permits signing a maintainer address that isn't in the keyring, we are breaking some fundamental neccesities for package signing. I still believe it is a bad idea and the bug should be closed since I wouldn't ever want to see it implemented, but it's not my bug, nor am I the official maintainer. So you are free to leave it as you see fit. Ben
