Hi James,
On Fri, Jul 07, 2017 at 12:38:46AM -0400, James McCoy wrote:
> On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote:
> > On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > > > asterisk$ gpg
On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote:
> On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > > asterisk$ gpg --import < debian/upstream/signing-key.asc
> > > gpg: key DAB29B236B940F89:
On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> Control: retitle -1 [uscan] Add an exit status to indicate gpgv failure
>
> On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > Asterisk upstream sources are signed by several keys, see for example
> >
> >
On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
Hi,
> > IMHO this behaviour does not make any sense. You need to check the
> > authenticity of any additional key upstream might use before adding it
> > to the repo,
>
> Of course you do. Why wouldn't you verify the authenticity of
Control: retitle -1 [uscan] Add an exit status to indicate gpgv failure
On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> Asterisk upstream sources are signed by several keys, see for example
>
>
Am 25.10.2016 um 16:07 schrieb Osamu Aoki:
Hi Osamu,
> This is very interesting report. I did not implement this feature so it
> is a learning experience for me. Please be patient.
>
>> When there is one signature of a key not listed in
>> debian/upstream/signing-key.asc a validation warning
Hi,
This is very interesting report. I did not implement this feature so it
is a learning experience for me. Please be patient.
> When there is one signature of a key not listed in
> debian/upstream/signing-key.asc a validation warning is thrown.
This sounds good to me.
> asterisk$ uscan
Package: devscripts
Version: 2.16.8
Severity: normal
File: /usr/bin/uscan
Hi,
Asterisk upstream sources are signed by several keys, see for example
http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-13.11.2.tar.gz
8 matches
Mail list logo