[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tarball signatures in source packages and jessie


On Sat, 2016-05-21 at 00:17:25 +0200, Julien Cristau wrote:
> There can't be any, because they'd get rejected by dak:
> - until today, with something like
>   https://lists.debian.org/debian-x/2016/05/msg00160.html
> - now, with a dpkg-source error:
>   https://lists.debian.org/debian-x/2016/05/msg00168.html

Ah perfect! So there's no chance of this getting through, good.

> (I attempted to fix the first reject with
> http://anonscm.debian.org/git/mirror/dak.git/commit/?id=ac7962e07a871d2619b475c54f6be2b3a79616ee

Buh, should have gone with my patch to anchor the regexes at the end. :/

> which only managed to show the second error; I've now got a patch at
> http://anonscm.debian.org/cgit/users/jcristau/dak.git/commit/?h=formatone-no-tar-sig
> to properly reject 1.0 source packages with orig.tar.gz.asc)

Thanks! Easier than rejecting them via lintian.

> > I'll just disable picking up tarball signatures for 1.0 format for
> > now in the next upload, which I'll try to rush out during the weekend.

> OK, thanks.

BTW, do you think it would make sense to cherry pick
d01212f2d7e59fc713c66b5d60421ac2296c1463 in dpkg 1.17.x for stable,
given that there's a point release quite soon, and then we could
consider reenabling inclusiong of signatures for source format 1.0
in unstable once the point release is done? (Taking into account Ian's
remark that just the change being in stable-updates is not good enough.)


Reply to: