Package: dpkg-dev
Version: 1.18.19
Severity: serious

From the changelog:

   * Add support for signed .buildinfo files to dpkg-buildpackage. Add new
     -ui and --unsigned-buildinfo options. Closes: #843925

This suggests that buildinfo files will now be signed by default.  The
manpage and my ad-hoc tests agree.

Previously runes like
  dpkg-buildpackage -uc -b
  dpkg-buildpackage -F -uc -us
were known and recommended as ways to build packages locally.

Now these runes would have to be
  dpkg-buildpackage -uc -b -ui
  dpkg-buildpackage -F -uc -us -ui

But those runes are not supported by dpkg in jessie.

This means that there is no longer a rune for `build this package but
do not sign anything' that will work both before and after this
change.

IMO that is a serious regression.

IMO the correct fix is to, by default, sign the buildinfo iff the
.changes are being signed.  That way -uc is sufficient.

Thanks for your attention.

Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
