Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Hi Guillem, On Mon, Apr 20, 2020 at 12:13:30AM +0200, Guillem Jover wrote: > Hi! > > On Mon, 2020-04-06 at 14:57:30 -0400, Taowa wrote: > > Package: dpkg > > Version: 1.19.7 > > Tags: patch > > > --require-valid-signature currently uses the DD uploading and DM > > keyrings (among others), it should also check against the DD > > nonuploading keyring as they are treated like DMs as per [1,2]. > > Thanks for the patch! The change to the .pot should have gone instead > to the man/dpkg-source.man (but that didn't trigger a git grep I guess > due to the escaped «-» :/, I'll be moving to POD so that this kind of > thing does not happen among other stuff :), I've fixed this locally. Great, thanks :) > I was wondering though how do you want it to be attributed when I > commit to git? Say: > > Taowa Munene-Tardif > > or like in the From to the bug report? > > Taowa > > Something else? :) Taowa Munene-Tardif is my preference, but I hadn't gotten around to sending email as taowa@d.o yet. Thanks for asking! > (I'd recommend setting up git config user.email, committing patches to > git and then using «git format-patch» so that you state clearly this > kind of thing. :) That seems like a much easier workflow, I'll keep it in mind for next time. Thanks again, Taowa -- Taowa Munene-Tardif ta...@debian.org taowa.ca Montréal
Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Hi! On Mon, 2020-04-06 at 14:57:30 -0400, Taowa wrote: > Package: dpkg > Version: 1.19.7 > Tags: patch > --require-valid-signature currently uses the DD uploading and DM > keyrings (among others), it should also check against the DD > nonuploading keyring as they are treated like DMs as per [1,2]. Thanks for the patch! The change to the .pot should have gone instead to the man/dpkg-source.man (but that didn't trigger a git grep I guess due to the escaped «-» :/, I'll be moving to POD so that this kind of thing does not happen among other stuff :), I've fixed this locally. I was wondering though how do you want it to be attributed when I commit to git? Say: Taowa Munene-Tardif or like in the From to the bug report? Taowa Something else? :) (I'd recommend setting up git config user.email, committing patches to git and then using «git format-patch» so that you state clearly this kind of thing. :) Thanks, Guillem
Bug#956055: dpkg should use treat signatures from the DD_nu keyring as valid
Package: dpkg Version: 1.19.7 Tags: patch Hello, --require-valid-signature currently uses the DD uploading and DM keyrings (among others), it should also check against the DD nonuploading keyring as they are treated like DMs as per [1,2]. [1] https://www.debian.org/devel/join/newmaint [2] https://salsa.debian.org/ftp-team/dak/-/commit/39205cff6633040adecfdf0f7e4e5db06431a03c Here's a patch: diff --git a/man/po/dpkg-man.pot b/man/po/dpkg-man.pot index 8e27b66c5..eb53a57b8 100644 --- a/man/po/dpkg-man.pot +++ b/man/po/dpkg-man.pot @@ -17406,8 +17406,9 @@ msgid "" "Refuse to unpack the source package if it doesn't contain an OpenPGP " "signature that can be verified (since dpkg 1.15.0) either with the user's " "I keyring, one of the vendor-specific keyrings, or one of " -"the official Debian keyrings (I and " -"I)." +"the official Debian keyrings (I, " +"I and " +"I). " msgstr "" #. type: TP diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 142fb8ddc..eb06149af 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -50,6 +50,7 @@ sub run_hook { if ($hook eq 'package-keyrings') { return ('/usr/share/keyrings/debian-keyring.gpg', +'/usr/share/keyrings/debian-nonupload.gpg', '/usr/share/keyrings/debian-maintainers.gpg'); } elsif ($hook eq 'archive-keyrings') { return ('/usr/share/keyrings/debian-archive-keyring.gpg'); -- Taowa Munene-Tardif ta...@debian.org taowa.ca Montréal