Re: Does d/watch work for commits signed via ssh?

To: debian-devel@lists.debian.org
Subject: Re: Does d/watch work for commits signed via ssh?
From: Yadd <yadd@debian.org>
Date: Sun, 9 Nov 2025 21:43:43 +0100
Message-id: <[🔎] 19df27e0-f187-466a-aa6a-69181205676e@debian.org>
In-reply-to: <[🔎] 38024048-05c3-4e3f-a292-972519acf018@debian.org>
References: <[🔎] 38024048-05c3-4e3f-a292-972519acf018@debian.org>

Le 08/11/2025 à 09:45, Nilesh Patra a écrit :

[ Not subscribed, CC me if you want me to read your reply. ]

Upstream for golang-sourcehut-rockorager-go-jmap has started signing tags via
ssh instead of gpg keys now.

I tried to search if d/watch has the functionality to validate ssh sigs instead, but
all I could find is the d/u/signing-keys.asc which is gpg armor style signature, and hence

opts="mode=git, gitmode=full, pgpmode=gittag"

in d/watch simply does not work.

Does anyone know how to check for ssh signing instead?

Hi,

SSH signatures are more of a gimmick than a true electronic signature; Idon't see the point of putting them on the same level as a GPG signaturein uscan.


Cheers,
Xavier

Reply to:

Follow-Ups:
- Re: Does d/watch work for commits signed via ssh?
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Does d/watch work for commits signed via ssh?
  - From: Salvo Tomaselli <tiposchi@tiscali.it>

References:
- Does d/watch work for commits signed via ssh?
  - From: Nilesh Patra <nilesh@debian.org>

Prev by Date: Re: Hard Rust requirements from May onward
Next by Date: Re: apt-ftparchive alternatives
Previous by thread: Re: Does d/watch work for commits signed via ssh?
Next by thread: Re: Does d/watch work for commits signed via ssh?
Index(es):
- Date
- Thread