Package: git Version: 1:2.11.0-2 Control: block 848678 by -1 I'm playing about with signed pushes, which I hope to use to allow the dgit git server to be used for general git hosting (pushable by DDs and DMs).
However, I see this: GIT_PUSH_CERT_KEY=A3DBCBC039B13D8A There is almost no purpose for which this 64-bit keyid can be safely used. The full key fingerprint should be provided instead. Although this might be an incompatible change, I think it is essential because anyone who is relying on this info right now is insecure. (Arguably this bug should have a higher severity than `normal'; but, I suspect nearly no-one is using this feature.) Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.