Package: dpkg Version: 1.19.7 Tags: patch Hello,
--require-valid-signature currently uses the DD uploading and DM keyrings (among others), it should also check against the DD nonuploading keyring as they are treated like DMs as per [1,2]. [1] https://www.debian.org/devel/join/newmaint [2] https://salsa.debian.org/ftp-team/dak/-/commit/39205cff6633040adecfdf0f7e4e5db06431a03c Here's a patch: diff --git a/man/po/dpkg-man.pot b/man/po/dpkg-man.pot index 8e27b66c5..eb53a57b8 100644 --- a/man/po/dpkg-man.pot +++ b/man/po/dpkg-man.pot @@ -17406,8 +17406,9 @@ msgid "" "Refuse to unpack the source package if it doesn't contain an OpenPGP " "signature that can be verified (since dpkg 1.15.0) either with the user's " "I<trustedkeys.gpg> keyring, one of the vendor-specific keyrings, or one of " -"the official Debian keyrings (I</usr/share/keyrings/debian-keyring.gpg> and " -"I</usr/share/keyrings/debian-maintainers.gpg>)." +"the official Debian keyrings (I</usr/share/keyrings/debian-keyring.gpg>, " +"I</usr/share/keyrings/debian-maintainers.gpg> and " +"I</usr/share/keyrings/debian-nonupload.gpg>). " msgstr "" #. type: TP diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 142fb8ddc..eb06149af 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -50,6 +50,7 @@ sub run_hook { if ($hook eq 'package-keyrings') { return ('/usr/share/keyrings/debian-keyring.gpg', + '/usr/share/keyrings/debian-nonupload.gpg', '/usr/share/keyrings/debian-maintainers.gpg'); } elsif ($hook eq 'archive-keyrings') { return ('/usr/share/keyrings/debian-archive-keyring.gpg'); -- Taowa Munene-Tardif ta...@debian.org taowa.ca Montréal