Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-05-04 Thread Daniel Kahn Gillmor
Control: tags 610712 + patch On Fri 2011-01-21 11:25:27 -0500, Emil Langrock wrote: > A more interesting approach is to make it possible to download the source > tarball and a pgp/gnupg signature which is used to verify the > file. This is i think the approach we want to pursue. having a st

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-05-04 Thread Daniel Kahn Gillmor
On Sat 2013-05-04 05:03:36 -0400, Daniel Kahn Gillmor wrote: > The attached patch implements the above proposal, using (e.g.) > opts=pgpsigurlmangle=s/$/.asc/ and debian/upstream-signing-key.pgp. This time with the patch actually attached :/ --dkg

Re: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread Daniel Kahn Gillmor
[i'm not on the devscripts-devel list, please cc me or 610...@bugs.debian.org] On Sat 2013-05-04 05:26:55 -0400, Daniel Kahn Gillmor wrote: > On Sat 2013-05-04 05:03:36 -0400, Daniel Kahn Gillmor wrote: > >> The attached patch implements the above proposal, using (e.g.) >>

[SCM] Git repository for devscripts branch, master, updated. v2.13.2-7-ge82313c

2013-06-05 Thread Daniel Kahn Gillmor
The following commit has been merged in the master branch: commit 8ae9def2920d708f5b4643ce9335bb2e5162bb7a Author: Daniel Kahn Gillmor Date: Thu Jun 6 01:50:51 2013 -0400 uscan: document indentation style for emacs users diff --git a/scripts/uscan.pl b/scripts/uscan.pl index 177f3f0

[SCM] Git repository for devscripts branch, master, updated. v2.13.2-7-ge82313c

2013-06-05 Thread Daniel Kahn Gillmor
The following commit has been merged in the master branch: commit e82313c718b7bc8b884a2617081c6638d88af37b Author: Daniel Kahn Gillmor Date: Sat May 4 04:46:34 2013 -0400 Enable OpenPGP signature verification (Closes: #610712) add a new opts= option for debian/watch files

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread Daniel Kahn Gillmor
On 06/05/2013 09:24 PM, James McCoy wrote: >> I took a quick look at the patch and found two things: 1) Please update >> README in addition to d/control and 2) please check the indentation. > > A little clarification on this. uscan uses (as most of the shell/Perl > scripts in devscripts do) the fo

Bug#731725: uscan: Please allow to verify uncompressed tarball signature

2013-12-08 Thread Daniel Kahn Gillmor
On 12/08/2013 10:16 PM, David Prévot wrote: > Since it is easier to find/produce collisions with compressed files, > some projects do a checksum on the tar file and not on the compressed > file, see: > > http://cryptography.hyperlink.cz/2004/otherformats.html This note is about bad properties of

Bug#732449: devscripts: uscan should check for likely URLs for upstream cryptographic signatures

2013-12-17 Thread Daniel Kahn Gillmor
ent [ssh-client] 1:6.4p1-1 ii svn-buildpackage 0.8.5 pn w3m -- debconf-show failed commit 20a435df7093fb0048bf6471e9ca6f3fc17ee3b6 Author: Daniel Kahn Gillmor Date: Wed Dec 18 02:21:50 2013 -0500 uscan checks for likely upstream signatures if none are

Bug#768345: devscripts: upstream signature verification fails with gpg 2.1

2014-11-06 Thread Daniel Kahn Gillmor
ilx]1:2.99.98-2 pn mutt ii openssh-client [ssh-client] 1:6.7p1-2 ii svn-buildpackage 0.8.5+nmu1 ii w3m 0.5.3-17 -- debconf-show failed From dd7b60948caa34ca8d7af8bc4d8a5a4db68ca2ec Mon Sep 17 00:00:00 2001 From: Dani

Bug#768345: devscripts: upstream signature verification fails with gpg 2.1

2014-12-16 Thread Daniel Kahn Gillmor
On Thu 2014-11-06 12:20:14 -0500, Daniel Kahn Gillmor wrote (in #768345): > Package: devscripts > Version: 2.14.10 > Severity: normal > Tags: patch > > Dear Maintainer, > > when gpg2 2.1 is installed (currently available in debian > experimental), uscan --verbose

Bug#768345: devscripts: upstream signature verification fails with gpg 2.1

2014-12-16 Thread Daniel Kahn Gillmor
On 12/16/2014 03:51 PM, James McCoy wrote: > On Dec 16, 2014 2:57 PM, "Daniel Kahn Gillmor" > wrote: >> >> On Thu 2014-11-06 12:20:14 -0500, Daniel Kahn Gillmor wrote (in #768345): >>> when gpg2 2.1 is installed (currently available in debian >>> exp

Bug#778648: devscripts: hitting ctrl-c while an editor is open should terminate bts, but instead it goes ahead

2015-02-17 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.15.1 Severity: normal emacs is my default editor. it looks like if you send emacs a SIGINT, it will clean up nicely and terminate with a return code of 0. if i run a bts command that drops me into my editor in an X11 environment, emacs spawns as a separate window,

Bug#796293: insufficient/confusing documentation for pgpsigurlmangle

2015-08-21 Thread Daniel Kahn Gillmor
Hi Thomas-- Thanks for the useful feedback. The documentation tries to be short but complete, and clearly we have a ways to go for improvement. I'll answer your questions below -- maybe you can propose a patch that would make these answers clearer without bloating or overcomplicating uscan(1) ?

[PATCH] use https://bugs.debian.org explicitly instead of http://bugs.debian.org

2015-10-01 Thread Daniel Kahn Gillmor
The changes in c2c055ab32180d2a8ba643c0114d1319b791e33f were not quite sufficient to fully convert all bugs.debian.org access to https by default. This changeset fixes a few missed spots. --- lib/Devscripts/Debbugs.pm | 2 +- scripts/bts.pl | 2 +- scripts/rc-alert.pl| 2 +-

Bug#737843: manipulate unzip behavior

2015-11-16 Thread Daniel Kahn Gillmor
On Mon 2015-11-16 02:52:49 -0500, Emmanuel Bourg wrote: > Another point worth considering, uscan doesn't apply a filter equivalent > to 'unzip -a' to .tar.gz archives, so for consistency I'd argue that it > shouldn't do it for zip archives either and unpack the files as is. fwiw, my initial concer

Bug#805501: devscripts: debuild should not strip DBUS_SESSION_BUS_ADDRESS from the environment

2015-11-18 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.15.9 Severity: normal Hi lovely devscripts maintainers-- debuild can't make cryptographic signatures in some cases where the user is using pinentry-gnome3. pinentry-gnome3 depends on D-Bus to get the prompt to display. But in some cases, gpg-agent doesn't know

Bug#805501: [PATCH] debuild: + pass through DBUS_SESSION_BUS_ADDRESS so that gpg-agent can make pinentry-gnome3 work (Closes: #805501)

2015-11-18 Thread Daniel Kahn Gillmor
(2.15.10) UNRELEASED; urgency=medium * debian/control + Add gnupg2/gpgv2 as alternative option to gnupg/gpgv. (Closes: #788414) + [ Daniel Kahn Gillmor ] + * debuild: ++ pass through DBUS_SESSION_BUS_ADDRESS so that gpg-agent can make + pinentry-gnome3 work (Closes: #805501

Bug#808394: devscripts: [bts] "bts cache foo" fails when ~/.cache does not already exist ("couldn't mkdir: /home/dkg/.cache/devscripts: No such file or directory")

2015-12-19 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.15.9 Severity: normal Dear Maintainer, 0 dkg@charlie:~$ bts cache debirf bts: couldn't mkdir /home/dkg/.cache/devscripts: No such file or directory 2 dkg@charlie:~$ mkdir .cache 0 dkg@charlie:~$ bts cache debirf Downloading http://bugs.debian.org/debirf ... (cached

Bug#810021: devscripts: [bts] bts --cache-mode=full cache fails when fetching empty msg parts?

2016-01-05 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.15.10 Severity: normal 0 dkg@alice:~$ bts --cache --cache-mode=full cache src:gnupg2 Downloading http://bugs.debian.org/src:gnupg2 ... (cached new version) Downloading http://bugs.debian.org/678613 ... bts: failed to download bugreport.cgi?msg=4;mbox=yes;bug=678613

Bug#814447: devscripts: uscan(1) github example is rejected with "potentially unsafe or malformed filenamemangle pattern"

2016-02-11 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.15.10 Severity: normal the github example in uscan(1) appears to be rejected by uscan as having a "potentially unsafe or malformed filenamemangle pattern". It's not clear to me what the problem is or how i should resolve it. either the documentation or the definitio

Bug#727096: uscan: store signature for upstream tarball in debian/

2016-04-12 Thread Daniel Kahn Gillmor
On Tue 2016-04-12 10:00:09 -0400, Osamu Aoki wrote: > I assume "create" means "create a copy of the upstream-generated > signature" as foo_0.1.2.orig.tar.gz..asc which can be > verified by the keyring debian/upstream/signing-key.pgp in the older > package. I'm not sure that we need the in that sp

Bug#727096: uscan: store signature for upstream tarball in debian/

2016-04-12 Thread Daniel Kahn Gillmor
On Tue 2016-04-12 11:12:44 -0400, Paul Wise wrote: > On Tue, 2016-04-12 at 10:26 -0400, Daniel Kahn Gillmor wrote: > >> I'm not sure that we need the [] in that specification. > > This allows for multiple signers: an upstream release team to have > multiple signers attes

Bug#823624: devscripts: [uscan] please include tgz in @ARCHIVE_EXT@

2016-05-06 Thread Daniel Kahn Gillmor
0.5.3-27 -- debconf-show failed From 8039b887e7eb4ed03ce4f12cdee9f69fe89abaee Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 6 May 2016 15:14:11 -0400 Subject: [PATCH] include tgz in @ARCHIVE_EXT@ --- scripts/uscan.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) d

Bug#823624: devscripts: [uscan] please include tgz in @ARCHIVE_EXT@

2016-05-08 Thread Daniel Kahn Gillmor
On Sun 2016-05-08 02:45:40 -0400, Osamu Aoki wrote: > Hi, > > On Fri, May 06, 2016 at 03:15:22PM -0400, Daniel Kahn Gillmor wrote: >> Package: devscripts >> Version: 2.16.4 >> Severity: normal >> Tags: patch >> >> Dear Maintainer, >> >> s

Bug#833779: devscripts: [uscan] please strip whitespace in href when matching URLs

2016-08-08 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.16.6 Severity: normal sks is released here: https://bitbucket.org/skskeyserver/sks-keyserver/downloads the HTML there is decidedly weird, with extra whitespace in the href: - sks-1.1.6.tgz - So uscan isn't able to find i

Bug#823624: Accepted sks 1.1.6-4 (source amd64) into unstable

2016-11-09 Thread Daniel Kahn Gillmor
Hi Christoph-- On Wed 2016-11-09 03:33:48 -0600, Christoph Martin wrote: > sks (1.1.6-4) unstable; urgency=medium > . >* fix watch file thanks for this! I offered a patch to uscan to accept .tgz as part of ARCHIVE_EXT (see https://bugs.debian.org/823624, cc'ed here) but it has apparently b

Bug#855282: deprecating debrsign [was: Re: Bug#855282: debsign: support .buildinfo files]

2017-02-16 Thread Daniel Kahn Gillmor
On Thu 2017-02-16 12:23:00 -0500, Ximin Luo wrote: > I haven't yet updated debrsign but I think that program is a bit > pointless anyway, and have documented this in debsign(1): "note that > it is probably safer to have your trusted signing machine use > \fBdebsign\fR to connect to the untrusted no

Bug#870379: devscripts: [wrap-and-sort] please wrap debian/tests/control

2017-08-01 Thread Daniel Kahn Gillmor
Package: devscripts Version: 2.17.9 Severity: wishlist debian/tests/control is an RFC822-style stanza, and it can contain things like Depends: which are nicer to represent in a wrapped-and-sorted form (see /usr/share/doc/autopkgtest/README.package-tests.html for more details) wrap-and-sort should

Bug#870281: uscan: symlink/rename detached upstream signature files when symlinking/renaming the orig file

2017-08-11 Thread Daniel Kahn Gillmor
On Mon 2017-07-31 16:33:44 +0200, Maximiliano Curia wrote: > uscan checks the detached upstream signature with the > debian/upstream/signing-key.asc keyring when downloading a new version, which > is great. But the file is then not renamed/symlinked so dpkg-source can't use > this signature file

Bug#871806: uscan: (dpkg, git-buildpackage) accept/mangle/store signed git tags in cases where upstream does not publish detached sigs on tarballs

2017-08-11 Thread Daniel Kahn Gillmor
Package: devscripts Priority: wishlist Control: affects -1 + dpkg git-buildpackage pristine-tar X-Debbugs-Cc: d...@packages.debian.org, git-buildpack...@packages.debian.org, pristine-...@packages.debian.org Hi devscripts, dpkg, git-buildpackage, pristine-tar folks-- It's awesome to see the progr

Bug#871806: uscan: (dpkg, git-buildpackage) accept/mangle/store signed git tags in cases where upstream does not publish detached sigs on tarballs

2017-08-11 Thread Daniel Kahn Gillmor
me pointers to that? > On Fri, Aug 11, 2017 at 02:15:28PM -0400, Daniel Kahn Gillmor wrote: >> git archive --format=tar --prefix=${projname}-${version} ${tagname} | >> gzip -9n > > This is already a part of uscan. It needs a bit more refinement. cool, it'd be eve

Bug#871806: uscan: (dpkg, git-buildpackage) accept/mangle/store signed git tags in cases where upstream does not publish detached sigs on tarballs

2017-08-14 Thread Daniel Kahn Gillmor
On Fri 2017-08-11 20:51:25 -0400, Osamu Aoki wrote: >> In my experience, if the goal is to create a minimal "shallow clone >> snapshot" of the git archive, it's quite often the case that i as the >> packager already have a full clone of the upstream repo i'm working on. > > Yah but tool needs to be

Bug#871806: uscan: (dpkg, git-buildpackage) accept/mangle/store signed git tags in cases where upstream does not publish detached sigs on tarballs

2017-08-16 Thread Daniel Kahn Gillmor
Hi Guillem-- On Thu 2017-08-17 01:05:46 +0200, Guillem Jover wrote: > It seems to me like you are perhaps trying to reimplement dpkg source > format «3.0 (git)» (described in man dpkg-source)? :) Thanks for that pointer, it does seem similar. I was hoping that we could produce an actual orig.tar

Bug#871806: uscan: (dpkg, git-buildpackage) accept/mangle/store signed git tags in cases where upstream does not publish detached sigs on tarballs

2017-09-22 Thread Daniel Kahn Gillmor
On Wed 2017-09-20 01:47:00 +0200, Tomasz Buchert wrote: > So let's assume that git-archive can produce a reproducible, > uncompressed tarball, given a particular githash. Why not ask > interested upstream developers to do something like that: > > git tag -s TAGNAME -m "$(git archive --format tar