Bug#841910: uscan behaviour on multiple signatures

2017-07-07 Thread Guido Günther
Hi James, On Fri, Jul 07, 2017 at 12:38:46AM -0400, James McCoy wrote: > On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote: > > On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote: > > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote: > > > > asterisk$ gpg

Bug#841910: uscan behaviour on multiple signatures

2017-07-06 Thread James McCoy
On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote: > On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote: > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote: > > > asterisk$ gpg --import < debian/upstream/signing-key.asc > > > gpg: key DAB29B236B940F89:

Bug#841910: uscan behaviour on multiple signatures

2017-07-06 Thread Guido Günther
On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote: > Control: retitle -1 [uscan] Add an exit status to indicate gpgv failure > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote: > > Asterisk upstream sources are signed by several keys, see for example > > > >

Bug#841910: uscan behaviour on multiple signatures

2016-10-28 Thread Bernhard Schmidt
On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote: Hi, > > IMHO this behaviour does not make any sense. You need to check the > > authenticity of any additional key upstream might use before adding it > > to the repo, > > Of course you do. Why wouldn't you verify the authenticity of

Bug#841910: uscan behaviour on multiple signatures

2016-10-26 Thread James McCoy
Control: retitle -1 [uscan] Add an exit status to indicate gpgv failure On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote: > Asterisk upstream sources are signed by several keys, see for example > >

Bug#841910: uscan behaviour on multiple signatures

2016-10-26 Thread Bernhard Schmidt
On 25.10.2016 at 16:07, Osamu Aoki wrote: Hi Osamu, > This is a very interesting report. I did not implement this feature so it > is a learning experience for me. Please be patient. > >> When there is one signature of a key not listed in >> debian/upstream/signing-key.asc a validation warning

Bug#841910: uscan behaviour on multiple signatures

2016-10-25 Thread Osamu Aoki
Hi, This is a very interesting report. I did not implement this feature so it is a learning experience for me. Please be patient. > When there is one signature of a key not listed in > debian/upstream/signing-key.asc a validation warning is thrown. This sounds good to me. > asterisk$ uscan

Bug#841910: uscan behaviour on multiple signatures

2016-10-24 Thread Bernhard Schmidt
Package: devscripts Version: 2.16.8 Severity: normal File: /usr/bin/uscan Hi, Asterisk upstream sources are signed by several keys, see for example http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-13.11.2.tar.gz