Re: YMMFPQ (Yet More My First Package Questions)

[Andreas Metzler <ametzler@downhill.at.eu.org>]

On Thu, Aug 28, 2003 at 10:06:16AM +0200, Thomas -Balu- Walter wrote:
> On Wed, Aug 27, 2003 at 08:19:44PM +0200, Thorsten Sauter wrote:
[...] 
>> dpkg-buildpackage tries to sign the package with your name, which is
>> used in the debian/changelog file. You can change the name (and email)
>> in this file to the name which is used for your gpg key.

> The eMail is correct, but the name differs :-). Thats why I was curious
> why dpkg-buildpackage not only uses the eMail-address to check for keys.
> But thats not a problem as long as I can use -k to choose a key.
[...]

It is a feature, people might have two different secret keys, one used
only for Debian "John Doe 'Debian package key' <john@foo.example>" and
another one for his private mail "John Doe 'private'
<john@foo.example>".

BTW I _never_ let dpkg-buildpackage do the signing of the package,
because I usually rebuild the package many times before I think it is
fit for release and signing these unreleased packages is a big waste of
time (and my gpg passphrase is rather long). I use
dpkg-buildpackage -uc -us -sd -rfakeroot
and afterwards sign the package with
debsign -k8B8D7663 bar_0.8-15_i386.changes
             cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"