[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

dput 0.11.0~3: Call for testers: replacing ‘/usr/bin/gpg’ with GPGME

Howdy all,

I have uploaded to ‘experimental’ a pre-release of the GnuPG changes in
Dput. The version is dput “0.11.0~3”.

If your packaging workflow has unusual signing practices, or an unusual
GnuPG configuration, your help will be especially valuable to test this

In particular I am seeking workflows and tests that:

* Use signatures from keys that are now expired, or from keys that your
  GnuPG doesn't trust, or from keys that your GnuPG doesn't know.

* Use signatures that are well-formed but fail to verify, or that are
  good but very old, or that are from the future.

* Use non-default hash algorithms, or non-default options that would
  otherwise affect the generated signature.

* Use GnuPG version 1 on a system with GnuPG 2, or vice versa.

* Use outdated versions of GPGME.

* etc.

I'm also hoping some people interested in back-porting ‘dput’ to older
Debian releases can help test these changes on those systems.

Please feel free to file bugs against ‘dput/0.11.0~3’ for regressions in
GnuPG signature verification in unusual workflows.

 \      “It is difficult to get a man to understand something when his |
  `\   salary depends upon his not understanding it.” —Upton Sinclair, |
_o__)                                                             1935 |
Ben Finney

Reply to: