Hi James,

On Fri, Jul 07, 2017 at 12:38:46AM -0400, James McCoy wrote:
> On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote:
> > On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > > > asterisk$ gpg --import < debian/upstream/signing-key.asc
> > > > gpg: key DAB29B236B940F89: public key "Joshua Colp
> > > > <[email protected]>" imported
> > > > gpg: key 9C59F000777DCC45: public key "Kevin Harwell
> > > > <[email protected]>" imported
> > > > gpg: key 6CB44E557BD982D8: public key "Richard Mudgett
> > > > <[email protected]>" imported
> > > > gpg: key 368AB332B59975F3: public key "George Joseph
> > > > <[email protected]>" imported
> > > > gpg: Total number processed: 4
> > > > gpg:               imported: 4
> > > >
> > > > DAB29B236B940F89 is in signing-key.asc but there is no signature, and
> > > > there is an additional signature from 8438CBA18D0CAA72
> > > >
> > > > When this happens uscan exits with rc=0, but does not process the file
> > > > further without any meaningful error message.
> > >
> > > Indeed, uscan always exits with 0 if it found a newer version upstream.
> > > When support for gpg verification was added, there wasn't an exit code
> > > added to indicate that the verification failed.
> >
> > This is IMHO a security issue since it violates the principle of least
> > surprise and makes it hard to use in an automated way. Can uscan be
> > changed to exit non-zero in case all signatures fail to validate? Maybe
> > with a separate option (--fail-on-bad-sig)?
>
> I've changed this behavior with
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=3f3efc9
> such that signature verification failures are fatal.
Great. Thanks a lot!
 -- Guido

_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
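As an added illustration of the behaviour the thread is about (this is not code from uscan or devscripts, and it is not how the linked commit implements the fix): a small Python check that turns GnuPG's machine-readable `--status-fd` output into a process exit code, so that a tarball signed by a key that is not in `debian/upstream/signing-key.asc` fails loudly instead of passing with rc=0. The status transcripts, the fingerprints (filler digits in front of the long key IDs quoted in the thread) and the e-mail addresses are constructed for this example; `verdict` is a hypothetical helper name.

```python
#!/usr/bin/env python3
"""Map a GnuPG --status-fd transcript to a verification exit code.

Added example, not part of uscan/devscripts. Real-world use would be:
    gpg --status-fd 1 --no-default-keyring --keyring ./upstream.gpg \
        --verify pkg.tar.gz.asc pkg.tar.gz | python3 verify_status.py
"""
import sys

# Constructed: primary-key fingerprints of the accepted upstream signers. The
# last 16 hex digits are the long key IDs from the thread's "gpg --import"
# output; the leading digits are filler. Match whole fingerprints, never bare
# key IDs, when doing this for real.
TRUSTED_PRIMARY_FPRS = {
    "AAAAAAAAAAAAAAAAAAAAAAAA" + "DAB29B236B940F89",  # Joshua Colp
    "BBBBBBBBBBBBBBBBBBBBBBBB" + "9C59F000777DCC45",  # Kevin Harwell
    "CCCCCCCCCCCCCCCCCCCCCCCC" + "6CB44E557BD982D8",  # Richard Mudgett
    "DDDDDDDDDDDDDDDDDDDDDDDD" + "368AB332B59975F3",  # George Joseph
}

EXIT_OK, EXIT_BADSIG, EXIT_NO_TRUSTED_SIG = 0, 1, 2

# Constructed transcripts of what "gpg --status-fd 1 --verify" emits.
STATUS_UNKNOWN_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 8438CBA18D0CAA72 1 8 00 1477328703 9
[GNUPG:] NO_PUBKEY 8438CBA18D0CAA72
"""
STATUS_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DAB29B236B940F89 Joshua Colp <jcolp@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAADAB29B236B940F89 2016-10-24 1477328703 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAADAB29B236B940F89
"""
STATUS_BAD = """\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG DAB29B236B940F89 Joshua Colp <jcolp@example.invalid>
"""
STATUS_EXPIRED_KEY = """\
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 9C59F000777DCC45 Kevin Harwell <kharwell@example.invalid>
[GNUPG:] VALIDSIG BBBBBBBBBBBBBBBBBBBBBBBB9C59F000777DCC45 2016-10-24 1477328703 0 4 0 1 8 00 BBBBBBBBBBBBBBBBBBBBBBBB9C59F000777DCC45
"""


def verdict(status_text, trusted_primary_fprs=TRUSTED_PRIMARY_FPRS):
    """Return (exit_code, reason). Exit 0 only for a GOODSIG + VALIDSIG pair
    whose primary key fingerprint is in the trusted set.

    GOODSIG is required on top of VALIDSIG because gpg emits VALIDSIG for
    signatures made with expired or revoked keys too (EXPKEYSIG/REVKEYSIG);
    VALIDSIG alone says the maths checks out, not that the key is acceptable.
    """
    good_keyids, valid_sigs, missing_keys, bad = set(), [], set(), False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "[GNUPG:]":
            continue  # ordinary gpg chatter or a tag without arguments (NEWSIG)
        tag = fields[1]
        if tag == "GOODSIG":
            good_keyids.add(fields[2].upper())  # long key ID of the signing (sub)key
        elif tag == "VALIDSIG":
            # fpr date ts expire-ts version reserved pk-algo hash-algo class primary-fpr
            valid_sigs.append((fields[2].upper(), fields[-1].upper()))
        elif tag == "BADSIG":
            bad = True
        elif tag in ("NO_PUBKEY", "ERRSIG"):
            missing_keys.add(fields[2].upper())

    for signing_fpr, primary_fpr in valid_sigs:
        # long key ID == last 16 hex digits of the fingerprint
        if signing_fpr[-16:] in good_keyids and primary_fpr in trusted_primary_fprs:
            return EXIT_OK, "valid signature from trusted key " + primary_fpr
    if bad:
        return EXIT_BADSIG, "cryptographically bad signature"
    unknown = ", ".join(sorted(missing_keys)) or "none reported"
    return EXIT_NO_TRUSTED_SIG, "no good signature from a trusted key; unknown signer(s): " + unknown


if __name__ == "__main__":
    if sys.stdin.isatty():  # nothing piped in: show the constructed samples
        for name, text in [("unknown key", STATUS_UNKNOWN_KEY), ("good", STATUS_GOOD),
                           ("bad", STATUS_BAD), ("expired key", STATUS_EXPIRED_KEY)]:
            code, reason = verdict(text)
            print(f"{name:12s} rc={code}  {reason}")
        sys.exit(0)
    rc, why = verdict(sys.stdin.read())
    print(why, file=sys.stderr)
    sys.exit(rc)
```

The first transcript is the situation from Bernhard's report: the detached signature was made by 8438CBA18D0CAA72, which is not in the imported keyring, so gpg reports ERRSIG/NO_PUBKEY and the check exits 2 rather than 0. The fourth transcript shows why GOODSIG is checked in addition to VALIDSIG: a signature from an expired key still gets a VALIDSIG line.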
