Public bug reported:
In order to check the signature of click package we want to use the
debsig-verify tool. Because clicks and debs are similar we can use
debsig-verify with a appropriate policy to do the verifications. This
MIR covers the tool itself, the policy will be put into a seperate
package (much like the ubuntu-keyring package).
Availability:
- available in ubuntu universe and debian unstable
Security:
- security is checked
Quality assurance:
- utility that gets the configuration via a click-store-policy package so no
configuration required in the package itself
- no debconf question
- no long term open bugs (just 1 open bug in ubuntu, no open bugs in debian)
- the package is is well maintainedsince some months, it used to be orphaned
but Guillem Jover picked it up and it already got two uploads since June
- its a native package so no debian/watch files
UI standards: (generally only for user-facing applications)
- no UI, just CLI
Dependencies:
- all binary/source dependencies are in main
- follows FHS/debian policy
Maintenance:
- there is a active maintainer
Background information:
- the purpose of the package should be well explained in the description
Security checks
- no vulnerabilities yet
- no suid, /sbin, ports, daemons or plugins
** Affects: debsig-verify (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1358272
Title:
[MIR] debsig-verify
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debsig-verify/+bug/1358272/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
