Re: Does d/watch work for commits signed via ssh?

To: debian-devel@lists.debian.org
Subject: Re: Does d/watch work for commits signed via ssh?
From: Yadd <yadd@debian.org>
Date: Mon, 10 Nov 2025 06:44:28 +0100
Message-id: <[🔎] 20941d3c-1b6f-4506-b656-16437a2499cc@debian.org>
In-reply-to: <[🔎] 87zf8u6ggu.fsf@biskvi.sjd.se>
References: <[🔎] 38024048-05c3-4e3f-a292-972519acf018@debian.org> <[🔎] 19df27e0-f187-466a-aa6a-69181205676e@debian.org> <[🔎] 87zf8u6ggu.fsf@biskvi.sjd.se>

Le 09/11/2025 à 22:31, Simon Josefsson a écrit :

Yadd <yadd@debian.org> writes:

SSH signatures are more of a gimmick than a true electronic signature;
I don't see the point of putting them on the same level as a GPG
signature in uscan.


What do you mean by gimmick?  SSH signature support seems to be on-par
with PGP in plenty of eco-systems including github, gitlab etc.

/Simon

No trust system or public database, no expiration date, no revocationsystem, same key used for auth and sig which is a by-designvulnerability,...

Reply to:

Follow-Ups:
- Re: Does d/watch work for commits signed via ssh?
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Does d/watch work for commits signed via ssh?
  - From: Nilesh Patra <nilesh@debian.org>
- Re: Does d/watch work for commits signed via ssh?
  - From: Yadd <yadd@debian.org>
- Re: Does d/watch work for commits signed via ssh?
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Re: Hard Rust requirements from May onward
Next by Date: Re: apt-ftparchive alternatives
Previous by thread: Re: Does d/watch work for commits signed via ssh?
Next by thread: Re: Does d/watch work for commits signed via ssh?
Index(es):
- Date
- Thread