Confira os temas que serão abordados na Interconf 2017!

[Terraviva Eventos]

Participe!

Parque de Exposições Pedro Ludovico Teixeira.
Rua 250 - Setor Nova Vila | Goiânia - GO.

Inscrições abertas no site: www.interconf.org.br

Re: Upstream Tarball Signature Files

[Paul Hardy]

Guillem,

On Tue, Aug 8, 2017 at 1:48 AM, Guillem Jover  wrote:

> Hi!
>
> On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote:
> > Also, where signature files are desired, I think it would be beneficial
> to
> > also accept binary ".sig" files...
>
> There is no need for that, you can convert from ASCII armored to
> binary signatures and the other way around easily. For example to
> convert from .sig to .asc you can do the following:
>
>   $ gpg --output - --enarmor unifont_upper-10.0.05.ttf.sig | \
> sed -e 's/ARMORED FILE/SIGNATURE/;/^Comment:/d' > \
> unifont_upper-10.0.05.ttf.asc
>   ...
>
> This could be done automatically as part of uscan, so you'd not even
> need to do it manually!
>

Would you consider doing this conversion in a separate shell script as part
of dpkg-dev (for example, named "sig2asc")?  Then the script could be run
from the command line, and uscan also could invoke it.  If you would accept
that, I could write a proposed shell script with a man page for you and
file them as patches in a bug against dpkg-dev or mail them to you
privately.

I am the GNU Project maintainer for Unifont.  I build the GNU upstream
version and the Debian version with one higher-level "make" command at the
same time.  So I would not use uscan for OpenPGP format conversion; I only
use it in my debian/watch file.

With a separate shell script in place, maintainer documentation could be
updated to mention it.  After that, wording for a Policy change concerning
upstream signatures could be crafted that would refer to that capability.

So I would postpone adding mention of upstream signature file use in the
Policy Manual until those components are in place (shell script and
maintainer document updates).

Thank you,


Paul Hardy