[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#868497: debian-policy: Signed .dsc Files

On Sun, Jul 16, 2017 at 5:46 PM, Sean Whitton <spwhitton@spwhitton.name> wrote:
> Hello Paul,
>
> On Sun, Jul 16, 2017 at 04:36:55PM -0700, Paul Hardy wrote:
>> I was wondering if a maintainer signed a .dsc file in a package that
>> was uploaded (and hence signed) by a sponsor, that the FTP server
>> would reject the .dsc file for having an invalid signature.
>
> The sponsor would probably unpack and then rebuild the source package
> for the upload.
>
> If they didn't, and directly signed the .dsc using debsign(1), it would
> strip the sponsee's signature, and then sign both the .dsc and the
> .changes.
>
> So I believe the problem case could not arise.

Okay, if debsign will strip off any existing signature before applying
the uploader's signature, then it sounds like the situation will not
arise.

That being the case, I will close this bug.

Thank you,


Paul
Reply to: