Re: Upstream Tarball Signature Files

[Paul Hardy <unifoundry@gmail.com>]

On Tue, Aug 8, 2017 at 5:13 AM, Osamu Aoki <osamu@debian.org> wrote:

Hi,

On Tue, Aug 08, 2017 at 10:48:08AM +0200, Guillem Jover wrote:
...
> On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote:
> > Also, where signature files are desired, I think it would be beneficial to
> > also accept binary ".sig" files as an alternative to ".asc" files, for
> > example as produced with "gpg -b".
>
> There is no need for that, you can convert from ASCII armored to
> binary signatures and the other way around easily.

Guillem: I will use the workaround that you posted for now.  My thinking was to preserve the timestamp of the original signature file, and what you posted does accomplish that.  I think using a sed script is not as clean as also someday allowing a ".sig" file in ".changes" and ".dsc" files though.  Do you think it will be hard to add that ability to dpkg?  It looks like the V1 and V2 Perl modules could add a ".orig.tar.*.sig" to the list of acceptable $tarsign string assignments.  It seems that the $tarsign signature file must be getting returned by the get_files calls, for example in dpkg-genchanges.pl, but I did not see how with a quick look at the dpkg code.

True.  But why you want to limit to one format between .sig and .asc?

Osamu: I did not mean just accept one format--I meant accept both ".asc" and ".sig" files for ".changes", ".dsc", and uscan files.  I suppose all three manuals you mentioned could be modified to document this.

I had not brought this up until the latest lintian check on a test build returned an error, but then Sean noted that the lintian error report is a bug.

If there are no strong objections to this change, I will file a wishlist bug as an "issue" for debian-policy about this.  I will be away next weekend so I will try to put together something before then.

Thanks,

Paul Hardy