Package: dpkg-dev Version: 1.18.19 Severity: serious >From the changelog:
* Add support for signed .buildinfo files to dpkg-buildpackage. Add new -ui and --unsigned-buildinfo options. Closes: #843925 This suggests that buildinfo files will now be signed by default. The manpage and my ad-hoc tests agree. Previously runes like dpkg-buildpackage -uc -b dpkg-buildpackage -F -uc -us were known and recommended as ways to build packages locally. Now these runes would have to be dpkg-buildpackage -uc -b -ui dpkg-buildpackage -F -uc -us -ui But those runes are not supported by dpkg in jessie. This means that there is no longer a rune for `build this package but do not sign anything' that will work both before and after this change. IMO that is a serious regression. IMO the correct fix is to, by default, sign the buildinfo iff the .changes are being signed. That way -uc is sufficient. Thanks for your attention. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.