dput 0.11.0~3: Call for testers: replacing ‘/usr/bin/gpg’ with GPGME
Howdy all,
I have uploaded to ‘experimental’ a pre-release of the GnuPG changes in
Dput. The version is dput “0.11.0~3”.
If your packaging workflow has unusual signing practices, or an unusual
GnuPG configuration, your help will be especially valuable to test this
change.
In particular I am seeking workflows and tests that:
* Use signatures from keys that are now expired, or from keys that your
GnuPG doesn't trust, or from keys that your GnuPG doesn't know.
* Use signatures that are well-formed but fail to verify, or that are
good but very old, or that are from the future.
* Use non-default hash algorithms, or non-default options that would
otherwise affect the generated signature.
* Use GnuPG version 1 on a system with GnuPG 2, or vice versa.
* Use outdated versions of GPGME.
* etc.
I'm also hoping some people interested in back-porting ‘dput’ to older
Debian releases can help test these changes on those systems.
Please feel free to file bugs against ‘dput/0.11.0~3’ for regressions in
GnuPG signature verification in unusual workflows.
--
\ “It is difficult to get a man to understand something when his |
`\ salary depends upon his not understanding it.” —Upton Sinclair, |
_o__) 1935 |
Ben Finney
Reply to: