
Bug#868497: debian-policy: Signed .dsc Files



Russ,

On Sun, Jul 16, 2017 at 10:56 AM, Russ Allbery <rra@debian.org> wrote:
> Paul Hardy <unifoundry@gmail.com> writes:
>
>> ...Debian Policy Manual, Section 5.4, "Debian source control files - .dsc",
>> states in the first sentence:
>
>> "This file consists of a single paragraph, possibly surrounded by a PGP
>> signature."
>
>> This does not state whether someone who is creating a package to be
>> uploaded by a sponsor can clearsign their own .dsc file, or if only the
>> sponsor is able to do that without causing upload problems.
>
>> What is permissible?  Can you clarify that in a future update to this
>> section?
>
> (I'm pretty sure the actual answer to this question is that nothing
> cares.)...

I was wondering whether, if a maintainer signed a .dsc file in a package
that was uploaded (and hence signed) by a sponsor, the FTP server
would reject the .dsc file for having an invalid signature.

Could the wording be changed to "...possibly surrounded by the
maintainer's PGP signature"?  The term "maintainer" is implicitly
defined in the Policy Manual through repeated mention.

Of course, out of context of this request someone might think "of
course the maintainer would sign the .dsc file--who else would do
that?"

Thanks,


Paul Hardy

