Bug#768345: devscripts: upstream signature verification fails with gpg 2.1
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Dec 16 22:00:29 UTC 2014
On 12/16/2014 03:51 PM, James McCoy wrote:
> On Dec 16, 2014 2:57 PM, "Daniel Kahn Gillmor" <dkg at fifthhorseman.net>
> wrote:
>>
>> On Thu 2014-11-06 12:20:14 -0500, Daniel Kahn Gillmor wrote (in #768345):
>>> when gpg2 2.1 is installed (currently available in debian
>>> experimental), uscan --verbose fails to check the upstream signature
>>> when the upstream signing key is ascii-armored.
>>
>> I see that 2.14.11 has been released without including this fix. What
>> can i do to convince the devscripts maintainers to apply this fix?
>
> 2.14.11 was targeted at Jessie. According to your initial email, it didn't
> seem like gpg2 2.1 was going to be released with Jessie. I haven't
> forgotten about the patch, but I'm focusing on things related to the
> release right now.
2.1 is unlikely to be released with jessie, but i am hoping to backport
relatively early in the jessie cycle so that people can have access to
OpenPGP ECC.
I suppose if devscripts gets backported as well, we can just rely on
jessie-backports users to upgrade both together.
Thanks for your work on devscripts,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20141216/5bdafb94/attachment.sig>
More information about the devscripts-devel
mailing list