[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#733029: dpkg-buildpackage: disable signing by default (-us -uc should be the default)

On Mon, Dec 30, 2013 at 12:27:29PM +0100, Guillem Jover wrote:
> I guess it's probably a good idea to switch the default, becuse I
> assume most maintainers do more test builds than final ones. Or users
> who either don't have gpg installed or don't have a gpg key. Although
> with the current no-signing-UNRELEASED behaviour, the need for -us -uc
> should have dropped in many cases.

On the sbuild/buildd side, we have run dpkg-buildpackage with
"-us -uc" by default for years.  If you do enable signing, as is
the case for buildd uploads, we run debsign explicitly after
dpkg-buildpackage completed.  This avoids any need for GPG keys
to be present in the build chroot.  So from the POV of making
"-us -uc" the default, I think that's a good plan and matches
the requirements of the majority of both manual and automated
builds.  And from the POV of having a replacement for debsign,
we can conditionally switch to using it as soon as it becomes


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: