Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more

To: Chris Lamb <lamby@debian.org>
Cc: 870069@bugs.debian.org, Stefan Bühler <stbuehler@lighttpd.net>
Subject: Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
From: Paul Hardy <unifoundry@gmail.com>
Date: Sat, 2 Sep 2017 05:54:10 -0700
Message-id: <[🔎] CAJqvfD-u1xM9owLyO9fsNx44pSTmyhWcpAMxR9-GFef2SY0CzA@mail.gmail.com>
Reply-to: Paul Hardy <unifoundry@gmail.com>, 870069@bugs.debian.org
In-reply-to: <[🔎] 1504332489.2506322.1092935392.0DA29276@webmail.messagingengine.com>
References: <a1ebcdf2-53c9-b596-6898-6ac214274f24@lighttpd.net> <[🔎] 1504256139.1166916.1092013000.755B50CB@webmail.messagingengine.com> <[🔎] CAJqvfD_G-KwcnpwTV-whtgdWvw-nqNuiUKqRR2hiUqz9VP8HeA@mail.gmail.com> <[🔎] 1504278690.1246544.1092344680.4836115E@webmail.messagingengine.com> <[🔎] CAJqvfD96zmNtK4arcx4hwbtCFteRmt6MZyNtmF+3cFoyYm0fPQ@mail.gmail.com> <[🔎] 1504332489.2506322.1092935392.0DA29276@webmail.messagingengine.com> <a1ebcdf2-53c9-b596-6898-6ac214274f24@lighttpd.net>

Chris,

On Fri, Sep 1, 2017 at 11:08 PM, Chris Lamb <lamby@debian.org> wrote:
> Hi Paul,
>
>> > Can you think of another way your particular versions could be
>> > detected?
>>
>> Sorry, I don't understand what you mean by "versions".  I do use a
>> watch file for Unifont
>
> Nothing to do with watchfiles, but rather I want to work out somehow
> we can not emit this tag until you are ready to release and a
> signature would actually exist.

Oh, I see.  Personally, my only concern was that a lintian error would
prevent an uploaded, released package from migrating to testing.  I
did not think it should be a lintian error, because not having the
file does not violate Debian Policy.  I think a warning would be a
better severity level.

I think having lintian give a warning for a missing ".orig.tar.*.asc"
file is appropriate even for UNRELEASED, so the package maintainer
realizes the omission as early as possible and can prioritize adding
it (or even severity "Info" in cases where it is not known if the
upstream tarball has a signature).  An exception, as you mentioned,
would be a dfsg version of an upstream tarball.

However, I have modified my building procedure so that now I do create
a ".asc" signature file from my GNU ".sig" file before pdebuild
starts.  So I have circumvented the whole issue, but that doesn't
solve it for others.

Thank you,

Paul Hardy

Reply to:

Follow-Ups:
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Chris Lamb <lamby@debian.org>

References:
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Chris Lamb <lamby@debian.org>
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Paul Hardy <unifoundry@gmail.com>
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Chris Lamb <lamby@debian.org>
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Paul Hardy <unifoundry@gmail.com>
- Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
Next by Date: Bug#871956: lintian: false positive: binary-file-built-without-LFS-support on x32
Previous by thread: Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
Next by thread: Bug#870069: orig-tarball-missing-upstream-signature error breaks rebuilding existing packages and more
Index(es):
- Date
- Thread