-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri 2019-03-15 15:30:56 +0100, Adam Majer wrote:
> The .spec file has (I added some comments here)
>
> Name: nodejs10
> Version:10.15.3
> Source: https://nodejs.org/dist/v%{version}/node-v%{version}.tar.xz
> Source1:
On Fri 2019-03-15 10:50:34 -0300, David Bremner wrote:
> Adam Majer writes:
>
>> The (my?) expectation is that a *.asc file is a detached signature.
>> That's why GPG is warning when it is not a detached signature. But I can
>> live with .sha256.asc if there is no .sha256 ;)
>
> Right, aren't
On Fri 2019-03-15 10:56:58 -0300, David Bremner wrote:
> Daniel Kahn Gillmor writes:
>
>> sure, though i'd change the .sha256.asc to be a clearsigned file instead
>> of the current ASCII-armored OpenPGP message that it currently is (as
>> Adam suggested elsewhere in this thread). And we can
Rob noticed that generating extra output on stderr from the notmuch cli
breaks some things in notmuch-emacs (in his case this was from a wrapper
script).
notmuch-search seems fairly robust at this point, but at least
notmuch-hello and notmuch-mua-mail get confused by the extra
output. I guess
On Fri 2019-03-15 02:53:28 +0100, Adam Majer wrote:
> adding explicit checks would add an extra BuildRequires in the build
> process to pull in gpg, which is excessive.
It shouldn't require gpg; it should only pull in gpgv, which is already
on the base system, no? And once the "small file" is
On Thu 2019-03-14 22:49:44 -0300, David Bremner wrote:
> OK, so apparently this is a problem for almost every project, including
> GnuPG? That's mildly terrifying...
sigh, i know :(
> I don't mind either way, but it does seem like there is a tradeoff,
> since with the previous version I suspect
Adam Majer writes:
> The (my?) expectation is that a *.asc file is a detached signature.
> That's why GPG is warning when it is not a detached signature. But I can
> live with .sha256.asc if there is no .sha256 ;)
Right, aren't detached signatures preferred in general? Or am I
misremembering
Daniel Kahn Gillmor writes:
>
> sure, though i'd change the .sha256.asc to be a clearsigned file instead
> of the current ASCII-armored OpenPGP message that it currently is (as
> Adam suggested elsewhere in this thread). And we can ditch the .sha256
> itself, which doesn't seem to be doing any
On Fri 2019-03-15 07:49:16 -0300, David Bremner wrote:
> BTW2: In a sense everyone has other defences since the tar ball contains a
> file "version" with the version in it.
Right, if there was a standard/conventional way to indicate the package
name and version information *within* any source
On Fri 2019-03-15 12:35:55 +0100, Adam Majer wrote:
> # osc chroot
> running: sudo chroot /var/tmp/build-root/openSUSE_Tumbleweed-x86_64 su -
> abuild
> # gpgv
> -bash: gpgv: command not found
That's surprising to me, but i'm ignorant about SUSE so you shouldn't be
surprised at my surprise :P
Daniel Kahn Gillmor writes:
> On Fri 2019-03-15 02:53:28 +0100, Adam Majer wrote:
>> adding explicit checks would add an extra BuildRequires in the build
>> process to pull in gpg, which is excessive.
>
> It shouldn't require gpg; it should only pull in gpgv, which is already
> on the base
11 matches
Mail list logo