Bug#594907: ITP: kspsig -- Key Signing Party signature verification tool
>> Sounds like it should be in signing-party instead.
> Indeed it very well may want to be part of signing-party when
> it grows up... The primary rationale for it being separate now
> includes:
> 1. As this tool is making assertions about signature strength which
> important to our web of trust it is recommended that this
> tool get peer testing and review on it's own (as to avoid
> versioning signing-party at this early stage).
> 2. It has been suggested that the correct implementation of
> this tool is to read the keyring directly -- instead of using
> gpg -- in which case the implementation may change significantly.
> If these goals should be accomplished without creating a
> separate package I would be happy to pursue that approach.
I dont get why those two reasons make it need an own package. The
implementation can well change even if its in s-p, as well as the
testing can happen there?
--
bye, Joerg
Contrary to common belief, Arch:i386 is *not* the same as Arch: any.
Reply to: