[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#732450: debian/watch: help uscan verify PGP signature automatically

tag 732450 +pending

Hi Daniel,

On 18.12.2013 08:53, Daniel Kahn Gillmor wrote:
> It looks like Jim Jagielski is signing apache2 releases (at least
> those from 2.2 onward, which are all that we care about) with his key
> with fingerprint A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6 7914 85A8.
> So to get uscan to verify this automatically, you'd do:
>  FINGERPRINT='A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6 7914 85A8'
>  gpg --keyserver keys.gnupg.org --recv "$FINGERPRINT"
>  cd src/apache2
>  gpg --export "$FINGERPRINT" > debian/upstream-signing-key.pgp

thanks for that suggestion. I added your patch for the upcoming package
upload. I did, however, add the full keyring of Apache developers that
/could/ sign a release as listed in http://www.apache.org/dist/httpd/KEYS

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: