Bug#835475: /usr/bin/dscverify: dscverify: please use libdpkg-perl for .dsc parsing and verification
Johannes Schauer
josch at debian.org
Fri Aug 26 09:19:08 UTC 2016
Control: retitle -1 dscverify: dscverify: please use libdpkg-perl for .dsc parsing and verification
Hi,
On Fri, 26 Aug 2016 09:35:20 +0200 Johannes Schauer <josch at debian.org> wrote:
> dscverify currently uses multiple regexes to parse a .dsc. Instead
> libdpkg-perl could be used. The advantages would be:
>
> - shorter code of dscverify
> - always using the latest hash sum algorithms
> - less surface for bugs to appear
> - automatic support for other signed deb822 formats with file lists
>
> If you would appreciate a conversion of the current dscverify code to
> libdpkg-perl, then please shout. I have experience with using the dpkg's
> perl api from using it for sbuild and I can easily provide a patch if
> that would be appreciated by the devscript maintainers.
I just learned from Guillem that a dpkg tool is in the works with similar
capabilities as dscverify. It is called dpkg-sign and can also be used for
signature and checksum verification:
https://git.hadrons.org/cgit/debian/dpkg/dpkg.git/tree/scripts/dpkg-sign.pl?h=pu/dpkg-sign
Thus, most of what dscverify does will become obsolete in the near future.
Thanks!
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20160826/4c5974b5/attachment.sig>
More information about the devscripts-devel
mailing list