Re: Upstream Tarball Signature Files

2017-08-07 Thread Sean Whitton
Hello, On Mon, Aug 07 2017, Paul Hardy wrote: > The version of lintian now in testing, 2.5.52, introduces a new error > (not just a warning) for missing ".asc" signature files. The relevant > changelog entry is > > + Added: >... - orig-tarball-missing-upstream-signature > > A

Processed: user debian-pol...@packages.debian.org, limit package to debian-policy, tagging 845255 ...

2017-08-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > user debian-pol...@packages.debian.org Setting user to debian-pol...@packages.debian.org (was spwhit...@spwhitton.name). > limit package debian-policy Limiting to bugs with field 'package' containing at least one of 'debian-policy' Limit

Upstream Tarball Signature Files

2017-08-07 Thread Paul Hardy
The version of lintian now in testing, 2.5.52, introduces a new error (not just a warning) for missing ".asc" signature files. The relevant changelog entry is + Added: ... - orig-tarball-missing-upstream-signature A missing ".orig.tar.*.asc" file now produces a

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Didier 'OdyX' Raboud
Le lundi, 7 août 2017, 09.40:22 h EDT Russ Allbery a écrit : > Daniel Kahn Gillmor writes: > > debian-policy should encourage verification of upstream cryptographic > > signatures. Yes. > diff --git a/policy.xml b/policy.xml > index 6086901..c14d9b4 100644 > ---

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Jonathan Nieder
Hi, Russ Allbery wrote: > How does this look to everyone? Seconded, with or without the tweaks dkg suggested in https://bugs.debian.org/732445#68 Thanks, Jonathan > --- a/policy.xml > +++ b/policy.xml > @@ -2556,11 +2556,28 @@ endif > > > This is an optional, recommended

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Daniel Kahn Gillmor
On Mon 2017-08-07 09:40:22 -0700, Russ Allbery wrote: > In an ideal world, we would have a documented set of metadata for finding > upstream releases, of which uscan is just one implementation, and document > that in Policy. In an ideal world, uscan would be able to verify signed git tags and

Processed: user debian-pol...@packages.debian.org, limit package to debian-policy, usertagging 786470 ...

2017-08-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > user debian-pol...@packages.debian.org Setting user to debian-pol...@packages.debian.org (was spwhit...@spwhitton.name). > limit package debian-policy Limiting to bugs with field 'package' containing at least one of 'debian-policy' Limit

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Russ Allbery
Holger Levsen writes: > On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote: >> In an ideal world, we would have a documented set of metadata for >> finding upstream releases, of which uscan is just one implementation, >> and document that in Policy. This patch

Bug#845255: debian-policy: Include best practices for packaging database applications

2017-08-07 Thread Paul Gevers
Hi, As promised, I send the converted dbapp-policy documentation to this bug. Credits go to Osamu, any bug is mine. Paul http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd; [ ]> Best practices for packaging database applications Sean Finney This draft describes a set of

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Holger Levsen
On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote: > In an ideal world, we would have a documented set of metadata for finding > upstream releases, of which uscan is just one implementation, and document > that in Policy. This patch doesn't attempt to do that; it tries to find a >

Processed: Merge duplicates

2017-08-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > reassign 871380 src:qtwebengine-opensource-src Bug #871380 [src:algobox] algobox: FTBFS: build-dependency not installable: qtwebengine5-dev Bug reassigned from package 'src:algobox' to 'src:qtwebengine-opensource-src'. No longer marked as found

Processed: Re: Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Debian Bug Tracking System
Processing control commands: > tag -1 patch Bug #732445 [debian-policy] debian-policy should encourage verification of upstream cryptographic signatures Added tag(s) patch. -- 732445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732445 Debian Bug Tracking System Contact

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Russ Allbery
Control: tag -1 patch Daniel Kahn Gillmor writes: > debian-policy should encourage verification of upstream cryptographic > signatures. > Since devscripts 2.13.3 (see #610712), uscan has supported the ability > to automatically verify upstream's cryptographic signatures

Bug#798476: Returning to the requirement that Uploaders: contain humans

2017-08-07 Thread Adrian Bunk
On Sat, Aug 05, 2017 at 04:29:34PM -0700, Russ Allbery wrote: >... > since teams are less likely to only have a single leaf package. Approximate data based on grep'ing Packages[1]: - 466 teams maintaining packages in unstable - 8 is the median number of packages maintained by a team - 73 teams

☀Re: what do you think about that stuff?

2017-08-07 Thread Goswin von Brederlow
Hey, I've found that nice stuff recently and just wanted to ask what do you think about it? Check it out here https://is.gd/MypJ0j My Best, Goswin von Brederlow From: developers-reference [mailto:developers-refere...@packages.debian.org] Sent: Monday, August 07, 2017 8:05 AM To: