Bug#695914: dscverify says "Good signature found" for unsigned .dsc
Ansgar Burchardt
ansgar at debian.org
Fri Dec 14 10:04:00 UTC 2012
Package: devscripts
Version: 2.12.6
Severity: important
File: /usr/bin/dscverify
dscverify claims the attached *.dsc has a good signature. The file is however
not signed at all, see also #695855.
Ansgar
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
DEBCHANGE_RELEASE_HEURISTIC=changelog
DEBCHANGE_MULTIMAINT_MERGE=yes
BTS_CACHE_MODE=mbox
DEBCOMMIT_SIGN_TAGS=yes
RMADISON_DEFAULT_URL=debian
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-32-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages devscripts depends on:
ii dpkg-dev 1.16.9
ii libc6 2.13-37
ii perl 5.14.2-16
ii python 2.7.3-3
Versions of packages devscripts recommends:
ii at 3.1.13-2
ii curl 7.28.0-3
ii dctrl-tools 2.22.2
ii debian-keyring 2012.11.15
ii dput-ng [dput] 1.1
ii equivs 2.0.9
ii fakeroot 1.18.4-2
ii gnupg 1.4.12-6
ii libcrypt-ssleay-perl 0.58-1
pn libdistro-info-perl <none>
ii libjson-perl 2.53-1
ii libparse-debcontrol-perl 2.005-3
ii libsoap-lite-perl 0.714-1
ii liburi-perl 1.60-1
ii libwww-perl 6.04-1
ii lintian 2.5.10.3
ii man-db 2.6.3-2
ii patch 2.6.1-3
ii patchutils 0.3.2-1.1
ii python-debian 0.1.21+nmu2
ii python-magic 5.11-2
ii sensible-utils 0.0.7
ii strace 4.5.20-2.3
ii unzip 6.0-8
ii wdiff 1.1.2-1
ii wget 1.14-1
ii xz-utils 5.1.1alpha+20120614-2
Versions of packages devscripts suggests:
ii build-essential 11.5
pn cvs-buildpackage <none>
pn devscripts-el <none>
ii gnuplot 4.6.0-8
ii heirloom-mailx [mailx] 12.5-2
pn libauthen-sasl-perl <none>
pn libfile-desktopentry-perl <none>
pn libnet-smtp-ssl-perl <none>
pn libterm-size-perl <none>
ii libtimedate-perl 1.2000-1
pn libyaml-syck-perl <none>
pn mutt <none>
ii openssh-client [ssh-client] 1:6.0p1-3
pn svn-buildpackage <none>
pn w3m <none>
-- no debconf information
-------------- next part --------------
Format: 3.0 (quilt)
Source: gnupg
Binary: gnupg, gnupg-curl, gpgv, gnupg-udeb, gpgv-udeb, gpgv-win32
Architecture: any all
Version: 1.4.12-6
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint at lists.alioth.debian.org>
Uploaders: Sune Vuorela <debian at pusling.com>, Daniel Leidert <dleidert at debian.org>, Thijs Kinkhorst <thijs at debian.org>
Homepage: http://www.gnupg.org
Standards-Version: 3.9.3
Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gnupg/
Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gnupg/trunk/
Build-Depends: debhelper (>> 7), libz-dev, libldap2-dev, libbz2-dev, libusb-dev [!hurd-i386], libreadline-dev, file, gettext, libcurl4-gnutls-dev
Build-Depends-Indep: mingw-w64
Package-List:
gnupg deb utils important
gnupg-curl deb utils optional
gnupg-udeb udeb debian-installer extra
gpgv deb utils important
gpgv-udeb udeb debian-installer extra
gpgv-win32 deb utils extra
Checksums-Sha1:
790587e440ec7d429b120db7a96a237badc638fd 4939171 gnupg_1.4.12.orig.tar.gz
ad9793124c400ca7e858291155b42b53ee87d2d4 92008 gnupg_1.4.12-6.debian.tar.gz
Checksums-Sha256:
bb94222fa263e55a5096fdc1c6cd60e9992602ce5067bc453a4ada77bb31e367 4939171 gnupg_1.4.12.orig.tar.gz
2d146235f3ff89f119849d34f455ba659c0e0dd0c08693305bac56a33dfe5978 92008 gnupg_1.4.12-6.debian.tar.gz
Files:
f9a65ccd7166d3fdb084454cf7427564 4939171 gnupg_1.4.12.orig.tar.gz
e23c2823d4105bfd4597fa4d1c88a87d 92008 gnupg_1.4.12-6.debian.tar.gz
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)
owE7LZPEEHDqh1NIRmaxAhDl5SsUZ6bnJZaUFqXqcQEA
=1Juc
-----END PGP MESSAGE-----
More information about the devscripts-devel
mailing list