Bug#732449: devscripts: uscan should check for likely URLs for upstream cryptographic signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 18 07:24:27 UTC 2013 

Package: devscripts
Version: 2.13.8
Severity: normal
Tags: patch

now that pgpsigurlmangle is available, it would be nice to remind
package maintainers if upstream is offering something that looks like
a cryptographic signature.

the attached patch implements such a check.

    --dkg

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
Not present

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages devscripts depends on:
ii  dpkg-dev     1.16.12
ii  libc6        2.17-97
ii  perl         5.18.1-5
ii  python3      3.3.2-17
pn  python3:any  <none>

Versions of packages devscripts recommends:
ii  at                          3.1.14-1
ii  curl                        7.33.0-1
ii  dctrl-tools                 2.23
ii  debian-keyring              2013.12.13
ii  dput-ng [dput]              1.7
ii  dupload                     2.7.0
pn  equivs                      <none>
ii  fakeroot                    1.18.4-2
ii  gnupg                       1.4.15-1.1
ii  libdistro-info-perl         0.11
ii  libencode-locale-perl       1.03-1
ii  libjson-perl                2.61-1
ii  liblwp-protocol-https-perl  6.04-2
ii  libparse-debcontrol-perl    2.005-4
pn  libsoap-lite-perl           <none>
ii  liburi-perl                 1.60-1
ii  libwww-perl                 6.05-2
ii  lintian                     2.5.20
ii  man-db                      2.6.5-2
ii  patch                       2.7.1-4
ii  patchutils                  0.3.2-3
ii  python3-debian              0.1.21+nmu2
pn  python3-magic               <none>
ii  sensible-utils              0.0.9
ii  strace                      4.5.20-2.3
ii  unzip                       6.0-10
ii  wdiff                       1.2.1-1
ii  wget                        1.14-5
ii  xz-utils                    5.1.1alpha+20120614-2

Versions of packages devscripts suggests:
ii  build-essential              11.6
pn  cvs-buildpackage             <none>
ii  devscripts-el                35.8
pn  gnuplot                      <none>
ii  gpgv                         1.4.15-1.1
ii  heirloom-mailx [mailx]       12.5-2
pn  libauthen-sasl-perl          <none>
pn  libfile-desktopentry-perl    <none>
ii  libnet-smtp-ssl-perl         1.01-3
pn  libterm-size-perl            <none>
ii  libtimedate-perl             2.3000-1
pn  libyaml-syck-perl            <none>
ii  mailutils [mailx]            1:2.99.98-1.1
pn  mutt                         <none>
ii  openssh-client [ssh-client]  1:6.4p1-1
ii  svn-buildpackage             0.8.5
pn  w3m                          <none>

-- debconf-show failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: uscan-look-for-signature.diff
Type: text/x-diff
Size: 1489 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20131218/69838aef/attachment.diff>

More information about the devscripts-devel mailing list