debsig-verify problem [Was: Re: Installation report -> works with a few problems]
Tobias Spranger <tobias.spranger@tu-clausthal.de> writes:
> Hello,
>...
> First I updated the package list and (almost) all
> base/important/standard packages were installed/updated ... till
> debsig-verify was installed. By now all new packages were rejected.
> Is this because AMD64 is not an official port? Or because I used
> "deb http://debian.inode.at/pure64 sid main" instead of alioth? Why
> is debsig-verify in standard, if it reject's
> everything?
The debsig-verify source package says it has a priority of "standard"
while ftp-master.debian.org has an override for it to be "optional".
That means that for the official archs the package will not be
installed automatically while for amd64 (which has no overrides yet)
its pulled in since it is standard.
I see five possible solutions to this:
1. Change the debsig-verify sources to be optional to match ftp-master
2. add an override file to make debsig-verify optional
3. change debsig-verify to just warn on a missing signature per default
4. debsig all debs on alioth with the debian-amd64 archive key and
add said key to debsig-verify [but then debs don't match changes
files anymnore]
5. debsig all debs on the buildd with buildd specific keys (or the
uploaders key) and tell debsign about the standard uploader/buildd
keys. [That means recompiling a lot packages before it becomes
usefull]
Opinions?
MfG
Goswin
PS: I want to debsig all new debs at some point (as in 5) by the
buildd/uploader but not recompile everything.
Reply to: