On 13 Oct 2017, at 10:44, Kambiz Darabi wrote:
Hello,
there are questions from the Debian dev who helps publishing the
package
about the signing key which is in the debian/ subtree.
Can someone please comment?
Thank you
Kambiz
Hm. Is this because you are grabbing tar balls from there, and Debian
would like to see those tar balls signed? I should probably modify the
make script for releasing to make a pop signature for the tar balls and
upload it.
I don't really have the capability of going back to regenerate and sign
the old tar balls I'm afraid. And anyway, I simply won't do it.
I have no idea what key is stored at debian
Cheers,
r
----- Forwarded Message -----
From: "Sébastien Villemot" <sebast...@debian.org>
To: "Kambiz Darabi" <dar...@m-creations.com>
Cc: 878...@bugs.debian.org
Sent: Friday, 13 October, 2017 5:07:45 PM
Subject: Re: Bug#878167: RFS: cl-asdf/3.3.0 - Another System
Definition Facility
Also, there is a GPG key under debian/upstream/signing-key.asc, but I
see no
signature on upstream website
(https://common-lisp.net/project/asdf/archives/).
Am I missing something? Or should the key be removed?
Thanks,
--
⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁ Debian Developer
⢿⡄⠘⠷⠚⠋⠀ http://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀ http://www.debian.org