[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tarball signatures in source packages and jessie


On Fri, 2016-05-20 at 13:12:37 +0200, Julien Cristau wrote:
> dpkg-source in sid now picks up orig.tar.gz.asc files and lists them in
> the source package.  Unfortunately dpkg-source in jessie then explodes
> on such source packages because it doesn't know what to do with them.

Actually this only happens for version 1.0 format. Formats >= 2.0
should be handled correctly in stable.

> Arguably that would have called for a minor version bump, but in the
> interest of allowing these files in the archive, would it make sense to
> cherry-pick
> http://anonscm.debian.org/git/dpkg/dpkg.git/commit/?id=d01212f2d7e59fc713c66b5d60421ac2296c1463
> to jessie's dpkg?

Actually I don't think signatures for 1.0 format should be allowed in
the archive yet. And that's why I filed #823190 before the dpkg
upload so that they would get rejected by lintian. But, I guess that
was really the wrong way to go about it, and I'll just claim temporary
dementia due to eagerness to get this out of the way. O:)

Given that I don't see any 1.0 format sources in the archive just yet
(hope nothing gets uploaded in the interim!):

 $ egrep -h '^ [0-9a-f]{32} .*\.asc$' /var/lib/apt/lists/*_Sources
 813d2cdfd10a02a43f3d8f1aeef1fcec 819 libbsd_0.8.3.orig.tar.xz.asc
 d5cda03b1180452d72df0e096158a40f 173 vlc_2.2.3.orig.tar.xz.asc

I'll just disable picking up tarball signatures for 1.0 format for
now in the next upload, which I'll try to rush out during the weekend.


Reply to: