[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tarball signatures in source packages and jessie

On Sun, May 22, 2016 at 19:39:53 +0200, Guillem Jover wrote:

> BTW, do you think it would make sense to cherry pick
> d01212f2d7e59fc713c66b5d60421ac2296c1463 in dpkg 1.17.x for stable,
> given that there's a point release quite soon, and then we could
> consider reenabling inclusiong of signatures for source format 1.0
> in unstable once the point release is done? (Taking into account Ian's
> remark that just the change being in stable-updates is not good enough.)
That was my initial question in this thread...  I have a vested interest
in that all my packages are format 1.0, and I'd be interested in
uploading signatures for them.  OTOH I can also just wait a year.

I have a related question though: if upstream ships a binary signature,
e.g. https://www.x.org/archive/individual/proto/xproto-7.0.29.tar.gz.sig
how should that be handled on the debian side?  gpg --enarmor the file
and ship the result as orig.tar.gz.asc, or is there a better way?


Reply to: