Bug#796293: insufficient/confusing documentation for pgpsigurlmangle
Thomas Koch
thomas at koch.ro
Fri Aug 21 07:13:02 UTC 2015
Package: devscripts
Version: 2.15.8~bpo8+1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
There are a few related shortcomings with the documentation of
pgpsigurlmangle and the related lintian tag
debian-watch-may-check-gpg-signature.
1) The uscan manpage says:
"This signature must be made by a key found in the keyring
debian/upstream/signing-key.pgp or the armored keyring
debian/upstream/signing-key.asc."
- - What is an armored keyring?
- - Isn't it, that the .asc file is just one public key as produced
by gpg --armor --export $KEYID?
- - Please give an example how to correctly produce this file.
- - How can I produce a keyring .pgp file?
- - Which format should be preferred? I don't like choices.
2) There is no example of a full watch file with a pgpsigurlmangle
option. I needed several tries to get it right because it was the
first time that I had to produce a non trivial watch file with an
option. I believe that many others might be in the same situation.
Please add an example to the uscan manpage or the lintian tag or
both.
3) The lintian tag says:
"verified against a keyring stored in debian/upstream-signing-key.asc"
The manpage does not mention this file. It seems that the code
still uses it, but it is confusing.
4) How about a script, that checks all watch files, tries GET
requests against $URL.sig, $URL.asc and proposes a new watch file
to the maintainer in case it finds something?
Thomas Koch
- -- Package-specific info:
- --- /etc/devscripts.conf ---
- --- ~/.devscripts ---
DEBSIGN_KEYID="042BA65A"
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-i\.git -I.git"
DEBEMAIL="thomas at koch.ro"
DEBFULLNAME="Thomas Koch"
BTS_INTERACTIVE=yes
BTS_DEFAULT_CC="thomas at koch.ro"
- -- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.17.25
ii libc6 2.19-18
ii perl 5.20.2-3+deb8u1
ii python3 3.4.2-2
pn python3:any <none>
Versions of packages devscripts recommends:
ii at 3.1.16-1
ii curl 7.38.0-4+deb8u2
ii dctrl-tools 2.23
ii debian-keyring 2015.04.10
ii dput 0.9.6.4
ii equivs 2.0.9
ii fakeroot 1.20.2-1
ii file 1:5.22+15-2
ii gnupg 1.4.18-7
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.03-1
ii libjson-perl 2.61-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.11-1
ii liburi-perl 1.64-1
ii libwww-perl 6.08-1
ii lintian 2.5.35~bpo8+1
ii man-db 2.7.0.2-5
ii patch 2.7.5-1
ii patchutils 0.3.3-1
ii python3-debian 0.1.27
ii python3-magic 1:5.22+15-2
ii sensible-utils 0.0.9
ii strace 4.9-2
ii unzip 6.0-16
ii wdiff 1.2.2-1
ii wget 1.16-1
ii xz-utils 5.1.1alpha+20120614-2+b3
Versions of packages devscripts suggests:
ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2
ii build-essential 11.7
pn cvs-buildpackage <none>
pn debbindiff <none>
ii devscripts-el 35.12
ii gnuplot 4.6.6-2
ii gpgv 1.4.18-7
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.07-1
ii libnet-smtp-ssl-perl 1.01-3
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mutt 1.5.23-3
ii openssh-client [ssh-client] 1:6.7p1-5
pn svn-buildpackage <none>
ii w3m 0.5.3-19
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJV1s9+AAoJEAf8SJEEK6Za6PkP/3TiZFiDqh8XFe5h6ycs7NtC
7YlVkoZAQ6LHzH4qFJo3xmnjSdMtX+t8f0uyAUijCIVKR0eFFl+IhcymzhMuHZve
ddU8UouXZWm4jkUfXluyoJkHJkEWri90nZaq1F6iCMmJCljKVK0J4XZP4OJlZZ3k
6ka26KBkDp+wTTAPUWrRDckYsxMN60mOo+2OAGm+Gmyg5/QKcdf/VoKUWnLBt1ak
/l7uRSRd422CWDOqQJX1MpPM5nz65f16S1+AEWtkMnq3BxrfFKkudD26dam+lnLo
en1V6Ia1/uMS1/jgzrJsxpGn6kHrSVQkqcKRco+5yiGRYylvcQG237Gh04LAiCO2
IctQCtG05mGUPKBR44PMULgal18JkAwgZB5Ty9z+hNugiOGsuQOIV9u8MdKs1ll6
nqT+QzlttS1nFeHtB39RfNHF319DDsE5Wfuh3GZdi0sRXPUdncY7tncqJ3AVRQUx
475LdfmkRh81IMoKaFbJy3MayVAbT2LOtsU2+SJlzRJtueVyTukuBUR0vkflPB2d
JPFJW8UgG6v2sLZu9f11nsh60MkugO1iDfcO+HRXXSZQ47Noyr7YPqzdAs0dzJNH
XQBYLv7tNs1g0v4I2CnY3zCr+TLk0gTdidisvKINWwy7uXUkho0nwFJuYYcGzn3l
oEKKgNOqWP5OshvrK1dt
=puBp
-----END PGP SIGNATURE-----
More information about the devscripts-devel
mailing list