
Bug#846399: RFS: rush/1.8+dfsg-1 -- New upstream's release.



Hi,

>There is no problem to fetch the key. The problem is to use it. My present
>use case is this
>
>   gpgv --homedir debian/upstream --keyring debian/upstream/signing-key.pgp \
>    archive.sig archive
>
>You are requesting me to use 'debian/upstream/signing-key.asc', an armoured key
>which gpgv is not able to handle to my knowledge. Observe that upstream's source
>archive must be repackaged to fulfill DFSG, so the above use of gpgv is located
>in the target 'get-orig-source' for verification of the original archive
>before proceeding to eliminate the texinfo source, which violates DFSG.


gpg --verify  rush-1.8.tar.xz.sig 
gpg: assuming signed data in `rush-1.8.tar.xz'
gpg: Signature made sab 01 ott 2016 10:04:02 CEST using DSA key ID 55D0C732
gpg: Good signature from "Sergey Poznyakoff <gray@gnu.org>"
gpg:                 aka "Sergey Poznyakoff <gray@gnu.org.ua>"
gpg:                 aka "Sergey Poznyakoff (Gray) <gray@mirddin.farlep.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 325F 650C 4C2B 6AD5 8807  327A 3602 B07F 55D0 C732


why can't this work?
you wget the key, and gpg --verify it.
that upstream/ is something that should be handled by uscan, not by you.

anyway, there should be a clean, and easy way to avoid that stuff entirely.

I suggest you try harder with the documentation I gave you;
"opts=pgpsigurlmangle=s/$/.asc/" should do the trick

also, are you just removing some files from the tarball?
then the Files-Excluded copyright keyword can do it for you.

https://wiki.debian.org/UscanEnhancements

can this fit your needs?

G.
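
An added example, not part of the original message: the quoted concern is that the key is ASCII-armored while gpgv is pointed at a binary keyring. Armor is base64 plus a CRC-24 checksum (RFC 4880, section 6), so it can be stripped, which is what `gpg --dearmor` does; the function names and the sample bytes below are constructed for this example.

```python
import base64
import sys

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    # CRC-24 over the decoded bytes; this is the value on the "=XXXX" armor line.
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:
    """Return the binary packets held in one ASCII-armored OpenPGP block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN PGP ")
                              and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:  # armor headers (Version:, Comment:) end at the first blank line
        body = body[body.index("") + 1:]
    checksum = None
    if body and body[-1].startswith("="):
        checksum = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    data = base64.b64decode("".join(body), validate=True)
    if checksum is not None and checksum != crc24(data):
        raise ValueError("CRC-24 mismatch: armored data is damaged")
    return data

def armor(data: bytes) -> str:
    """Armor bytes; used here only to construct the sample below."""
    b64 = base64.b64encode(data).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
            f"{rows}\n={crc}\n-----END PGP PUBLIC KEY BLOCK-----\n")

# Constructed sample: arbitrary bytes standing in for key packets, not a real key.
SAMPLE_PACKETS = bytes(range(200))
SAMPLE_ARMORED = armor(SAMPLE_PACKETS)

if __name__ == "__main__" and len(sys.argv) == 3:  # e.g. signing-key.asc signing-key.pgp
    with open(sys.argv[1]) as src, open(sys.argv[2], "wb") as dst:
        dst.write(dearmor(src.read()))
```

The CRC check only catches transport damage to the armored file; trust in the key still rests on comparing its fingerprint with the one upstream publishes.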

