Re: Upstream Tarball Signature Files

2017-08-19 Thread Osamu Aoki
Hi, On Fri, Aug 18, 2017 at 12:02:27PM +0200, Guillem Jover wrote: .. > Adding support for more signature formats or filename variations is > not hard, but it increases the amount of those extensions and perhaps > the additional sanity checks we have to support and perform on them on > multiple

Re: Upstream Tarball Signature Files

2017-08-18 Thread Osamu Aoki
Hi, On Fri, Aug 18, 2017 at 12:08:02PM +0200, Guillem Jover wrote: > Hi! > > On Wed, 2017-08-16 at 00:22:43 -0700, Paul Hardy wrote: > > On Tue, Aug 8, 2017 at 1:48 AM, Guillem Jover wrote: > > > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote: > > > > Also, where

Re: Upstream Tarball Signature Files

2017-08-18 Thread Daniel Kahn Gillmor
On Fri 2017-08-18 14:43:58 +0200, Mattia Rizzolo wrote: > I'd love if something did this for me, pretty much like I'd love > something like that does a pretty output to debian/upstream/signing-key > like > https://sources.debian.net/src/inkscape/0.92.2-1/debian/upstream/signing-key.asc/

Re: Upstream Tarball Signature Files

2017-08-18 Thread Mattia Rizzolo
On Fri, Aug 18, 2017 at 07:48:24AM -0400, Daniel Kahn Gillmor wrote: > I confess that i've been taking the boring/silly/cheating way out and if > upstream ships a detached binary signature as foo-1.2.3.tar.gz.sig, i've > just been manually renaming it to foo_1.2.3.orig.tar.gz.asc (without > even

Re: Upstream Tarball Signature Files

2017-08-18 Thread Daniel Kahn Gillmor
On Fri 2017-08-18 12:08:02 +0200, Guillem Jover wrote: > Hmmm, I've been thinking about this a bit, and perhaps it would be > better if dpkg-source auto-converted any .sig binary signature into > an .asc ASCII armored one when generating the source package (as long > as there is no pre-existing

Re: Upstream Tarball Signature Files

2017-08-18 Thread Guillem Jover
Hi! On Wed, 2017-08-16 at 00:22:43 -0700, Paul Hardy wrote: > On Tue, Aug 8, 2017 at 1:48 AM, Guillem Jover wrote: > > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote: > > > Also, where signature files are desired, I think it would be beneficial > > > to also accept

Re: Upstream Tarball Signature Files

2017-08-18 Thread Guillem Jover
Hi! [ Daniel CCed, please see the thread starting at . ] On Sat, 2017-08-12 at 15:32:22 -0700, Paul Hardy wrote: > On Tue, Aug 8, 2017 at 5:13 AM, Osamu Aoki wrote: > > On Tue, Aug 08, 2017 at 10:48:08AM +0200,

Re: Upstream Tarball Signature Files

2017-08-17 Thread Paul Hardy
Dear All, On Tue, Aug 15, 2017 at 7:25 AM, Osamu Aoki wrote: > > Hi, > > On Mon, Aug 14, 2017 at 10:13:10AM -0700, Russ Allbery wrote: > > Henrique de Moraes Holschuh writes: > > > > > May I humbly suggest that, *if* a change is going to be made, we switch > >

Re: Upstream Tarball Signature Files

2017-08-16 Thread Paul Hardy
Guillem, On Tue, Aug 8, 2017 at 1:48 AM, Guillem Jover wrote: > Hi! > > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote: > > Also, where signature files are desired, I think it would be beneficial to > > also accept binary ".sig" files... > > There is no need for

Re: Upstream Tarball Signature Files

2017-08-15 Thread Osamu Aoki
Hi, On Mon, Aug 14, 2017 at 10:13:10AM -0700, Russ Allbery wrote: > Henrique de Moraes Holschuh writes: > > > We do when the binary sig is small enough to be stored along with the > > inode, instead of requiring an entire filesystem block (4KiB), and the > > armored signature

Re: Upstream Tarball Signature Files

2017-08-14 Thread Paul Hardy
Russ, On Sat, Aug 12, 2017 at 7:59 PM, Russ Allbery wrote: > > Hi Paul, > > This isn't a debian-policy matter... > My thinking was it would be beneficial for Debian Policy to suggest (but not require) use of upstream OpenPGP signatures when available, because such signature

Re: Upstream Tarball Signature Files

2017-08-14 Thread Russ Allbery
Henrique de Moraes Holschuh writes: > We do when the binary sig is small enough to be stored along with the > inode, instead of requiring an entire filesystem block (4KiB), and the > armored signature is not small enough for that :-( Of course, this > really depends a lot on the

Re: Upstream Tarball Signature Files

2017-08-14 Thread Henrique de Moraes Holschuh
On Mon, 14 Aug 2017, Russ Allbery wrote: > Henrique de Moraes Holschuh writes: > > On Sun, 13 Aug 2017, Russ Allbery wrote: > >> it can't just move the file -- it has to ASCII-armor it. But still, I > >> think that's the right thing for the tools to do, not add another file. >

Re: Upstream Tarball Signature Files

2017-08-14 Thread Russ Allbery
Henrique de Moraes Holschuh writes: > On Sun, 13 Aug 2017, Russ Allbery wrote: >> it can't just move the file -- it has to ASCII-armor it. But still, I >> think that's the right thing for the tools to do, not add another file. >> (The ASCII format is completely equivalent to

Re: Upstream Tarball Signature Files

2017-08-14 Thread Henrique de Moraes Holschuh
On Sun, 13 Aug 2017, Russ Allbery wrote: > it can't just move the file -- it has to ASCII-armor it. But still, I > think that's the right thing for the tools to do, not add another file. > (The ASCII format is completely equivalent to the binary format; the > conversion shouldn't lose or change

Re: Upstream Tarball Signature Files

2017-08-13 Thread Russ Allbery
Paul Hardy writes: > If it is permissible to rename a ".sig" file as ".asc", I think that is > the best solution because it copies the original signature file > unmodified. I tried it previously and it worked, but it seemed to me > like masquerading (because a binary file

Re: Upstream Tarball Signature Files

2017-08-12 Thread Russ Allbery
Paul Hardy writes: > Osamu: I did not mean just accept one format--I meant accept both ".asc" > and ".sig" files for ".changes", ".dsc", and uscan files. I suppose all > three manuals you mentioned could be modified to document this. > I had not brought this up until the

Re: Upstream Tarball Signature Files

2017-08-12 Thread Paul Hardy
On Tue, Aug 8, 2017 at 5:13 AM, Osamu Aoki wrote: > Hi, > > On Tue, Aug 08, 2017 at 10:48:08AM +0200, Guillem Jover wrote: > ... > > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote: > > > Also, where signature files are desired, I think it would be beneficial to > > >