Public bug reported: In order to check the signature of click package we want to use the debsig-verify tool. Because clicks and debs are similar we can use debsig-verify with a appropriate policy to do the verifications. This MIR covers the tool itself, the policy will be put into a seperate package (much like the ubuntu-keyring package).
Availability: - available in ubuntu universe and debian unstable Security: - security is checked Quality assurance: - utility that gets the configuration via a click-store-policy package so no configuration required in the package itself - no debconf question - no long term open bugs (just 1 open bug in ubuntu, no open bugs in debian) - the package is is well maintainedsince some months, it used to be orphaned but Guillem Jover picked it up and it already got two uploads since June - its a native package so no debian/watch files UI standards: (generally only for user-facing applications) - no UI, just CLI Dependencies: - all binary/source dependencies are in main - follows FHS/debian policy Maintenance: - there is a active maintainer Background information: - the purpose of the package should be well explained in the description Security checks - no vulnerabilities yet - no suid, /sbin, ports, daemons or plugins ** Affects: debsig-verify (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1358272 Title: [MIR] debsig-verify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debsig-verify/+bug/1358272/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs