This is an automated email from the git hooks/post-receive script.
pabs pushed a commit to branch master
in repository devscripts.
commit 663fd42238ef75d1e6ba0735164fbbcf6f861f76
Author: Daniel Kahn Gillmor
Date: Thu May 8 19:54:10 2014 +0800
uscan: check for likely upstream signatures if
This is an automated email from the git hooks/post-receive script.
pabs pushed a change to branch master
in repository devscripts.
from 130138c po4a: (fr) Trivial unfuzzy
new 663fd42 uscan: check for likely upstream signatures if none are
known (Closes: #732449)
The 1 revisio
Processing commands for cont...@bugs.debian.org:
> #devscripts (2.14.2) UNRELEASED; urgency=medium
> #
> # * uscan: check for likely upstream signatures if none are known (Closes:
> #732449)
> #
> limit source devscripts
Limiting to bugs with field 'source' containing at least one of 'devscripts
Processing commands for cont...@bugs.debian.org:
> tag 732449 pending
Bug #732449 [devscripts] devscripts: uscan should check for likely URLs for
upstream cryptographic signatures
Added tag(s) pending.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
732449: http:
Package: devscripts
Severity: wishlist
File: /usr/bin/uscan
It would be great if there were an option to verify the current upstream
tarball is the same as the one for the package and that the upstream
cryptographic signatures still match. Currently sponsors have to do this
manually, it would be m
Package: devscripts
Version: 2.14.1
Severity: important
Dear Maintainer,
Running uscan for Tryton packages [1] currently fails for
recently signed packages.
tryton-client:
-- Scanning for watchfiles in .
-- Found watchfile in ./debian
-- In debian/watch, processing watchfile l
Hi,
As far as I can tell, the key used for the signature (15B3323F):
>gpgv: Unterschrift vom Mi 07 Mai 2014
> 20:59:29 CEST mittels DSA-Schlüssel ID
> 15B3323F
is not the same as the one provided in the packages keyring:
/tryt
