[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#41794: dpkg-buildpackage PGP key lookup

On Sat, Oct 23, 1999 at 07:03:41AM +0000, Alexander Koch wrote:
> On Fri, 22 October 1999 23:19:48 -0400, Ben Collins wrote:
> > The real problem is that having a maintainer address
> > that is not referenced in the key ring is, IMO,	 bad.
> 
> So for example  for zebra the Maintainer is
> Maintainer: Endre Hirling and Alexander Koch <zebra@argh.org>
> which is not in the keyring, I was signing it with my key
> which at least has efraim@argh.org in it.
> 
> This will not be possible any more? Or do I misunderstand
> something here?

No, it's possible, nothing was changed about this. That's an interesting
case I hadn't thought about. What Brian was refering to was having say
"Ben M. Collins <bcollins@debian.org>" as the maintainer field, but
signing it with "B. Collins <bcollins@debian.org>", which could be solved
by simply adding the first ID to the key.

I'll admit though, the case you show (and now that I think of it, several
similar cases where the package might be maintained by a group) would
benefit from such a feature).

Ben
Reply to: