Didier 'OdyX' Raboud writes:
>> diff --git a/policy.xml b/policy.xml
>> index 6086901..c14d9b4 100644
>> --- a/policy.xml
>> +++ b/policy.xml
>> @@ -2556,11 +2556,28 @@ endif
>>
>>
>> This is an optional, recommended configuration file for the
>> -uscan
Le lundi, 7 août 2017, 09.40:22 h EDT Russ Allbery a écrit :
> Daniel Kahn Gillmor writes:
> > debian-policy should encourage verification of upstream cryptographic
> > signatures.
Yes.
> diff --git a/policy.xml b/policy.xml
> index 6086901..c14d9b4 100644
> ---
Hi,
Russ Allbery wrote:
> How does this look to everyone?
Seconded, with or without the tweaks dkg suggested in
https://bugs.debian.org/732445#68
Thanks,
Jonathan
> --- a/policy.xml
> +++ b/policy.xml
> @@ -2556,11 +2556,28 @@ endif
>
>
> This is an optional, recommended
On Mon 2017-08-07 09:40:22 -0700, Russ Allbery wrote:
> In an ideal world, we would have a documented set of metadata for finding
> upstream releases, of which uscan is just one implementation, and document
> that in Policy.
In an ideal world, uscan would be able to verify signed git tags and
Holger Levsen writes:
> On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote:
>> In an ideal world, we would have a documented set of metadata for
>> finding upstream releases, of which uscan is just one implementation,
>> and document that in Policy. This patch
On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote:
> In an ideal world, we would have a documented set of metadata for finding
> upstream releases, of which uscan is just one implementation, and document
> that in Policy. This patch doesn't attempt to do that; it tries to find a
>
Processing control commands:
> tag -1 patch
Bug #732445 [debian-policy] debian-policy should encourage verification of
upstream cryptographic signatures
Added tag(s) patch.
--
732445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732445
Debian Bug Tracking System
Contact
Control: tag -1 patch
Daniel Kahn Gillmor writes:
> debian-policy should encourage verification of upstream cryptographic
> signatures.
> Since devscripts 2.13.3 (see #610712), uscan has supported the ability
> to automatically verify upstream's cryptographic signatures
tags 742552 - patch
thanks
Hi,
On 24/03/14 at 19:08 -0400, Daniel Kahn Gillmor wrote:
Maybe at this stage, the recommendation would be better placed in
developers-reference.
thanks, that's a good idea.
i've cloned the bug to suggest its inclusion in developers-reference,
where the
Processing commands for cont...@bugs.debian.org:
tags 742552 - patch
Bug #742552 [developers-reference] developers-reference should encourage
verification of upstream cryptographic signatures
Removed tag(s) patch.
thanks
Stopping processing here.
Please contact me if you need assistance.
--
Control: clone 732445 -2
Control: reassign -2 developers-reference
Control: retitle -2 developers-reference should encourage verification of
upstream cryptographic signatures
Control: retitle 732445 debian-policy should encourage verification of upstream
cryptographic signatures
Hi Bill--
On
Processing control commands:
clone 732445 -2
Bug #732445 [debian-policy] debian-policy should encourage verification of
upstream cryptographic signaturse
Bug 732445 cloned as bug 742552
reassign -2 developers-reference
Bug #742552 [debian-policy] debian-policy should encourage verification
On 03/24/2014 07:51 PM, Russ Allbery wrote:
I'm curious -- why do we have two different supported paths? At least in
my experience the ASCII-armored key is much easier to deal with, since you
don't have to configure dpkg to allow binary files in the debian
directory. I'm not sure that I see
Daniel Kahn Gillmor d...@fifthhorseman.net writes:
I'd be happy to see us settle on one single location, and if folks think
that the .asc version is the better option, updating lintian to nag
about the other ones until they go away seems doable before we freeze
for jessie. I'll even file
Hi!
On Mon, 2014-03-24 at 16:51:53 -0700, Russ Allbery wrote:
I use:
gpg --export --armor --export-options export-minimal key \
debian/upstream/signing-key.asc
to generate this file for my packages.
I've been using pgp-clean (signing-party), which seems to generate
even
15 matches
Mail list logo