Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Hi Guillem, On Mon, Apr 20, 2020 at 12:13:30AM +0200, Guillem Jover wrote: > Hi! > > On Mon, 2020-04-06 at 14:57:30 -0400, Taowa wrote: > > Package: dpkg > > Version: 1.19.7 > > Tags: patch > > > --require-valid-signature currently uses the DD uploading and DM > > keyrings (among others), it should also check against the DD > > nonuploading keyring as they are treated like DMs as per [1,2]. > > Thanks for the patch! The change to the .pot should have gone instead > to the man/dpkg-source.man (but that didn't trigger a git grep I guess > due to the escaped «-» :/, I'll be moving to POD so that this kind of > thing does not happen among other stuff :), I've fixed this locally. Great, thanks :) > I was wondering though how do you want it to be attributed when I > commit to git? Say: > > Taowa Munene-Tardif > > or like in the From to the bug report? > > Taowa > > Something else? :) Taowa Munene-Tardif is my preference, but I hadn't gotten around to sending email as taowa@d.o yet. Thanks for asking! > (I'd recommend setting up git config user.email, committing patches to > git and then using «git format-patch» so that you state clearly this > kind of thing. :) That seems like a much easier workflow, I'll keep it in mind for next time. Thanks again, Taowa -- Taowa Munene-Tardif ta...@debian.org taowa.ca Montréal
Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Hi! On Mon, 2020-04-06 at 14:57:30 -0400, Taowa wrote: > Package: dpkg > Version: 1.19.7 > Tags: patch > --require-valid-signature currently uses the DD uploading and DM > keyrings (among others), it should also check against the DD > nonuploading keyring as they are treated like DMs as per [1,2]. Thanks for the patch! The change to the .pot should have gone instead to the man/dpkg-source.man (but that didn't trigger a git grep I guess due to the escaped «-» :/, I'll be moving to POD so that this kind of thing does not happen among other stuff :), I've fixed this locally. I was wondering though how do you want it to be attributed when I commit to git? Say: Taowa Munene-Tardif or like in the From to the bug report? Taowa Something else? :) (I'd recommend setting up git config user.email, committing patches to git and then using «git format-patch» so that you state clearly this kind of thing. :) Thanks, Guillem
Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Package: dpkg
Version: 1.19.7
Tags: patch
Hello,
--require-valid-signature currently uses the DD uploading and DM
keyrings (among others), it should also check against the DD
nonuploading keyring as they are treated like DMs as per [1,2].
[1] https://www.debian.org/devel/join/newmaint
[2]
https://salsa.debian.org/ftp-team/dak/-/commit/39205cff6633040adecfdf0f7e4e5db06431a03c
Here's a patch:
diff --git a/man/po/dpkg-man.pot b/man/po/dpkg-man.pot
index 8e27b66c5..eb53a57b8 100644
--- a/man/po/dpkg-man.pot
+++ b/man/po/dpkg-man.pot
@@ -17406,8 +17406,9 @@ msgid ""
"Refuse to unpack the source package if it doesn't contain an OpenPGP "
"signature that can be verified (since dpkg 1.15.0) either with the
user's "
"I keyring, one of the vendor-specific keyrings, or
one of "
-"the official Debian keyrings
(I and "
-"I)."
+"the official Debian keyrings
(I, "
+"I and "
+"I). "
msgstr ""
#. type: TP
diff --git a/scripts/Dpkg/Vendor/Debian.pm
b/scripts/Dpkg/Vendor/Debian.pm
index 142fb8ddc..eb06149af 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -50,6 +50,7 @@ sub run_hook {
if ($hook eq 'package-keyrings') {
return ('/usr/share/keyrings/debian-keyring.gpg',
+'/usr/share/keyrings/debian-nonupload.gpg',
'/usr/share/keyrings/debian-maintainers.gpg');
} elsif ($hook eq 'archive-keyrings') {
return ('/usr/share/keyrings/debian-archive-keyring.gpg');
--
Taowa Munene-Tardif
ta...@debian.org
taowa.ca
Montréal
