On Fri, Aug 26, 2016 at 11:19:08AM +0200, Johannes Schauer wrote: > On Fri, 26 Aug 2016 09:35:20 +0200 Johannes Schauer <[email protected]> wrote: > > dscverify currently uses multiple regexes to parse a .dsc. Instead > > libdpkg-perl could be used. The advantages would be: > > > > - shorter code of dscverify > > - always using the latest hash sum algorithms > > - less surface for bugs to appear > > - automatic support for other signed deb822 formats with file lists
Agreed. Those reasons, among others, are why I've converted parts of other devscripts scripts to use dpkg's Perl APIs. > > If you would appreciate a conversion of the current dscverify code to > > libdpkg-perl, then please shout. I have experience with using the dpkg's > > perl api from using it for sbuild and I can easily provide a patch if > > that would be appreciated by the devscript maintainers. > > I just learned from Guillem that a dpkg tool is in the works with similar > capabilities as dscverify. It is called dpkg-sign and can also be used for > signature and checksum verification: Glad to hear. Any time there's less code for me to maintain is a good thing. :) > Thus, most of what dscverify does will become obsolete in the near future. Or at least will be moved out to dpkg-sign, with dscverify/debsign becoming thin wrappers. That reminds me that I need to spend some more time on deduplicating debuild now that dpkg-buildpackage provides much of the needed functionality. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
