Hello,
On Wed, Mar 24, 2021 at 09:59:59AM +0100, Christoph Biedl wrote:
> Felix Lechner wrote...
>
> > By the way, the suggestion behind this bug may not be implemented
> > anytime soon. It would cause Lintian's output to change over time
> > (same Lintian version on same package). Such tags are
Good morning Felix,
Felix Lechner wrote on Tue, Mar 23, 2021 at 14:16:26 -0700:
> Hi Daniel,
>
> On Mon, Jul 13, 2020 at 8:27 AM Daniel Shahaf wrote:
> >
> > a debian/upstream/signing-key.asc file
> > which contains an expired snapshot of upstream's signing key
>
> Did uscan give you any
Hi Christoph,
On Wed, Mar 24, 2021 at 2:00 AM Christoph Biedl
wrote:
>
> But that's your design decision.
No, it's an indicator that another QA tool might be a better place for
the warning.
> Other people's workflow might be different, though.
Everyone with a key uses 'uscan', and that is the
Felix Lechner wrote...
> By the way, the suggestion behind this bug may not be implemented
> anytime soon. It would cause Lintian's output to change over time
> (same Lintian version on same package). Such tags are hard to test in
> Lintian's test suite.
That argument seems fairly weird to me:
Hi Christoph,
On Tue, Mar 23, 2021 at 2:23 PM Christoph Biedl
wrote:
>
> gpgv: Can't check signature: No public key
That makes sense. I had a similar issue with wolfssl. Version 4.6.0-3
in unstable still contains the expired public key, but the validation
worked previously. As this open
Felix Lechner wrote...
> Did uscan give you any trouble when trying to validate upstream's
> release signature?
Try libgpg-error before #985793 gets fixed:
uscan: Newest version of libgpg-error on remote site is 1.42, local version
is 1.38
uscan: => Newer package available from:
Hi Daniel,
On Mon, Jul 13, 2020 at 8:27 AM Daniel Shahaf wrote:
>
> a debian/upstream/signing-key.asc file
> which contains an expired snapshot of upstream's signing key
Did uscan give you any trouble when trying to validate upstream's
release signature?
Kind regards
Felix Lechner
Axel Beckert wrote...
> That might be something for lintian-brush once a lintian check is
> there. Cc'ing Jelmer, the author of lintian-brush.
What's the status of that story? I hacked a few lines together that work at
least for the case where I encountered the problem. But it's fairly
fragile
Hi,
Daniel Shahaf wrote:
> After extending the key I re-pushed it to keyservers, but did not
> regenerate the d/u/signing-key.asc export. (I'd like to automate
> that regeneration, since my key appears in multiple packages'
> signing-key.asc files, but that's a question for another thread.)
That
Package: lintian
Version: 2.83.0
Severity: wishlist
Tags: upstream
Dear Maintainer,
I noticed yesterday that the current source package of
zsh-syntax-highlighting contains a debian/upstream/signing-key.asc file
which contains an expired snapshot of upstream's signing key: the
snapshot gives the
10 matches
Mail list logo