On Sat 2019-07-27 21:52:55 +0100, Jonathan McDowell wrote:
> On Fri, Jul 26, 2019 at 09:18:29PM +0100, Sean Whitton wrote:
>> For the purposes of tag2upload work, would you mind confirming this:
>>
>> On Tue 23 Jul 2019 at 06:38AM +01, Sean Whitton wrote:
>>
>> > AIUI a fingerprint fails to
On Sat, Jul 27, 2019 at 10:40:00PM +0100, Ian Jackson wrote:
> Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag
> signer info in .dsc [and 1 more messages]"):
> > My understanding is this was true in the days of v3 keys/fingerprints
> > but is no
Jonathan McDowell writes ("Bug#932753: tag2upload should record git tag signer
info in .dsc [and 1 more messages]"):
> My understanding is this was true in the days of v3 keys/fingerprints
> but is not the case for v4. If we get to the point we find a collision
> then that's
On Fri, Jul 26, 2019 at 09:18:29PM +0100, Sean Whitton wrote:
> For the purposes of tag2upload work, would you mind confirming this:
>
> On Tue 23 Jul 2019 at 06:38AM +01, Sean Whitton wrote:
>
> > AIUI a fingerprint fails to uniquely identify a PGP key unless you also
> > include the
Hello PGP experts,
For the purposes of tag2upload work, would you mind confirming this:
On Tue 23 Jul 2019 at 06:38AM +01, Sean Whitton wrote:
> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
> include the cryptographic algorithm that was used and the key size. So
>
Hello,
On Tue 23 Jul 2019 at 10:14PM +01, Ian Jackson wrote:
> Sean Whitton writes ("Bug#932753: tag2upload should record git tag signer
> info in .dsc [and 1 more messages]"):
>> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
>> include
Sean Whitton writes ("Bug#932753: tag2upload should record git tag signer info
in .dsc [and 1 more messages]"):
> AIUI a fingerprint fails to uniquely identify a PGP key unless you also
> include the cryptographic algorithm that was used and the key size. So
> for exam
Hello,
On Mon 22 Jul 2019 at 07:55PM +01, Ian Jackson wrote:
> That means the original "uploader" information (ie the identity of the
> person signing the git tag) is not any more present in the source
> package. To rememdy that I propose the following new field:
>
> Git-Tag-Info: FINGERPRINT
Ian Jackson writes:
> Ian Jackson writes ("Re: Bug#932753: tag2upload should record git tag signer
> info in .dsc [and 1 more messages]"):
>> Russ Allbery writes ("Bug#932753: tag2upload should record git tag signer
>> info in .dsc [and 1 more messages]"
Ian Jackson writes ("Re: Bug#932753: tag2upload should record git tag signer
info in .dsc [and 1 more messages]"):
> Russ Allbery writes ("Bug#932753: tag2upload should record git tag signer
> info in .dsc [and 1 more messages]"):
> > Git-Tag-Info: fingerp
On Mon, 22 Jul 2019 20:54:29 +0100, Ian Jackson wrote:
> > Unfortunately , doing something extensible within the field requires adding
> > a separator, which in turn requires dealing with escaping, and thus is
> > kind of a mess. Given that, what if you instead used two fields:
> >
> >
Russ Allbery writes ("Bug#932753: tag2upload should record git tag signer info
in .dsc [and 1 more messages]"):
> One thing that jumps out at me here is that this field isn't extensible,
> since anything after the first space-separated word has to be taken to be
> the tagger
Ian Jackson writes:
> That means the original "uploader" information (ie the identity of the
> person signing the git tag) is not any more present in the source
> package. To rememdy that I propose the following new field:
> Git-Tag-Info: FINGERPRINT Firstname Surname
> The parsing rules
Hi. I am consulting on the name and syntax of a new field I intend to
put in .dsc's.
This is for our tag-to-upload service[1], as described here:
https://spwhitton.name/blog/entry/tag2upload/
The tag2upload service will take a signed git tag, and verify it
against the Debian keyrings and
14 matches
Mail list logo