Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-08 Thread Russ Allbery
Didier 'OdyX' Raboud writes: >> diff --git a/policy.xml b/policy.xml >> index 6086901..c14d9b4 100644 >> --- a/policy.xml >> +++ b/policy.xml >> @@ -2556,11 +2556,28 @@ endif >> >> >> This is an optional, recommended configuration file for the >> -uscan

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Didier 'OdyX' Raboud
Le lundi, 7 août 2017, 09.40:22 h EDT Russ Allbery a écrit : > Daniel Kahn Gillmor writes: > > debian-policy should encourage verification of upstream cryptographic > > signatures. Yes. > diff --git a/policy.xml b/policy.xml > index 6086901..c14d9b4 100644 > ---

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Jonathan Nieder
Hi, Russ Allbery wrote: > How does this look to everyone? Seconded, with or without the tweaks dkg suggested in https://bugs.debian.org/732445#68 Thanks, Jonathan > --- a/policy.xml > +++ b/policy.xml > @@ -2556,11 +2556,28 @@ endif > > > This is an optional, recommended

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Daniel Kahn Gillmor
On Mon 2017-08-07 09:40:22 -0700, Russ Allbery wrote:
> In an ideal world, we would have a documented set of metadata for finding
> upstream releases, of which uscan is just one implementation, and document
> that in Policy.

In an ideal world, uscan would be able to verify signed git tags and

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Russ Allbery
Holger Levsen writes:
> On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote:
>> In an ideal world, we would have a documented set of metadata for
>> finding upstream releases, of which uscan is just one implementation,
>> and document that in Policy. This patch

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Holger Levsen
On Mon, Aug 07, 2017 at 09:40:22AM -0700, Russ Allbery wrote:
> In an ideal world, we would have a documented set of metadata for finding
> upstream releases, of which uscan is just one implementation, and document
> that in Policy. This patch doesn't attempt to do that; it tries to find a
>

Processed: Re: Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 patch
Bug #732445 [debian-policy] debian-policy should encourage verification of upstream cryptographic signatures
Added tag(s) patch.

--
732445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732445
Debian Bug Tracking System
Contact

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2017-08-07 Thread Russ Allbery
Control: tag -1 patch

Daniel Kahn Gillmor writes:
> debian-policy should encourage verification of upstream cryptographic
> signatures.

> Since devscripts 2.13.3 (see #610712), uscan has supported the ability
> to automatically verify upstream's cryptographic signatures

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-07-30 Thread Lucas Nussbaum
tags 742552 - patch thanks Hi, On 24/03/14 at 19:08 -0400, Daniel Kahn Gillmor wrote: Maybe at this stage, the recommendation would be better placed in developers-reference. thanks, that's a good idea. i've cloned the bug to suggest its inclusion in developers-reference, where the

Processed: Re: Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-07-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

tags 742552 - patch
Bug #742552 [developers-reference] developers-reference should encourage verification of upstream cryptographic signatures
Removed tag(s) patch.
thanks
Stopping processing here.

Please contact me if you need assistance.
--

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-03-24 Thread Daniel Kahn Gillmor
Control: clone 732445 -2
Control: reassign -2 developers-reference
Control: retitle -2 developers-reference should encourage verification of upstream cryptographic signatures
Control: retitle 732445 debian-policy should encourage verification of upstream cryptographic signatures

Hi Bill--

On

Processed: Re: Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-03-24 Thread Debian Bug Tracking System
Processing control commands:

clone 732445 -2
Bug #732445 [debian-policy] debian-policy should encourage verification of upstream cryptographic signaturse
Bug 732445 cloned as bug 742552
reassign -2 developers-reference
Bug #742552 [debian-policy] debian-policy should encourage verification

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-03-24 Thread Daniel Kahn Gillmor
On 03/24/2014 07:51 PM, Russ Allbery wrote: I'm curious -- why do we have two different supported paths? At least in my experience the ASCII-armored key is much easier to deal with, since you don't have to configure dpkg to allow binary files in the debian directory. I'm not sure that I see

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-03-24 Thread Russ Allbery
Daniel Kahn Gillmor d...@fifthhorseman.net writes: I'd be happy to see us settle on one single location, and if folks think that the .asc version is the better option, updating lintian to nag about the other ones until they go away seems doable before we freeze for jessie. I'll even file

Bug#732445: debian-policy should encourage verification of upstream cryptographic signaturse

2014-03-24 Thread Guillem Jover
Hi!

On Mon, 2014-03-24 at 16:51:53 -0700, Russ Allbery wrote:
> I use:
>
>     gpg --export --armor --export-options export-minimal key \
>         > debian/upstream/signing-key.asc
>
> to generate this file for my packages.

I've been using pgp-clean (signing-party), which seems to generate even