Bug#841910: uscan behaviour on multiple signatures

Guido Günther agx at sigxcpu.org
Fri Jul 7 06:00:27 UTC 2017


Hi James,
On Fri, Jul 07, 2017 at 12:38:46AM -0400, James McCoy wrote:
> On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote:
> > On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> > > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > > > asterisk$ gpg --import < debian/upstream/signing-key.asc 
> > > > gpg: key DAB29B236B940F89: public key "Joshua Colp <jcolp at joshua-colp.com>" imported
> > > > gpg: key 9C59F000777DCC45: public key "Kevin Harwell <kharwell at digium.com>" imported
> > > > gpg: key 6CB44E557BD982D8: public key "Richard Mudgett <rmudgett at digium.com>" imported
> > > > gpg: key 368AB332B59975F3: public key "George Joseph <gjoseph at digium.com>" imported
> > > > gpg: Total number processed: 4
> > > > gpg:               imported: 4
> > > > 
> > > > DAB29B236B940F89 is in signing-key.asc but there is no signature, and
> > > > there is an additional signature from 8438CBA18D0CAA72
> > > > 
> > > > When this happens uscan exits with rc=0, but does not process the file
> > > > further without any meaningful error message.
> > > 
> > > Indeed, uscan always exits with 0 if it found a newer version upstream.
> > > When support for gpg verification was added, there wasn't an exit code
> > > added to indicate that the verification failed.
> > 
> > This is IMHO a security issue since it violates the principle of least
> > surprise and makes it hard to use in an automated way. Can uscan be
> > changed to exit non-zero in case all signatures fail to validate? Maybe
> > with a separate option (--fail-on-bad-sig) ?
> 
> I've changed this behavior with
> https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=3f3efc9
> such that signature verification failures are fatal.

Great. Thanks a lot!
 -- Guido
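The failure mode discussed above (a tarball signed by a key that is not in debian/upstream/signing-key.asc, with the wrapper still exiting 0) is easy to reproduce in any home-grown download script that only looks at gpg's overall exit status or, worse, at nothing at all. The sketch below is an added example, not uscan's or devscripts' code: it reads gpg's machine-readable `--status-fd` output and returns non-zero unless a GOODSIG line from the curated keyring is present and no BADSIG/ERRSIG/NO_PUBKEY line appears. The function name `signature_verdict`, the `--demo` flow and the sample status lines are constructed for this example; the key IDs in the samples are the ones quoted in the thread, and the gpg invocation shown in the comment is an assumed usage, not uscan's actual command line.

```shell
#!/bin/sh
# Added example (not part of the bug report or of devscripts/uscan).
#
# Fail-closed signature verdict: read gpg's --status-fd output on stdin and
# succeed only when a GOODSIG line is present and nothing indicates a bad,
# unverifiable or unknown-key signature.  Assumed real-world usage:
#
#   gpg --no-default-keyring --keyring ./upstream-keyring.gpg \
#       --status-fd 1 --verify foo.tar.gz.asc foo.tar.gz 2>/dev/null \
#     | signature_verdict || exit 1
#
# Relying on a GOODSIG line is only safe because the keyring is restricted
# to the curated upstream keys; with a general keyring VALIDSIG plus the
# expected fingerprint would be the line to check instead.
signature_verdict() {
    good=0
    bad=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] GOODSIG "*)
                good=1 ;;
            "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] NO_PUBKEY "*)
                # Any of these means at least one signature did not verify
                # against the curated keyring; treat the whole check as failed.
                bad=1 ;;
        esac
    done
    if [ "$bad" -eq 0 ] && [ "$good" -eq 1 ]; then
        echo "signature verification succeeded"
        return 0
    fi
    echo "signature verification FAILED (good=$good bad=$bad)" >&2
    return 1
}

# Constructed sample status output: a signature from a key that is in
# signing-key.asc (ID quoted in the thread).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 6CB44E557BD982D8 Richard Mudgett <rmudgett@digium.com>'

# Constructed sample status output: the situation from the bug report, a
# signature from 8438CBA18D0CAA72, which is not in the keyring (ERRSIG fields
# abbreviated; only the line prefix matters to the check above).
SAMPLE_UNKNOWN_KEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 8438CBA18D0CAA72 1 10 00 1477000000 9
[GNUPG:] NO_PUBKEY 8438CBA18D0CAA72'

# Run both samples through the verdict function and show the exit codes a
# caller would see; never returns non-zero itself so it can be sourced safely.
demo() {
    for sample in "$SAMPLE_GOOD" "$SAMPLE_UNKNOWN_KEY"; do
        if printf '%s\n' "$sample" | signature_verdict >/dev/null 2>&1; then
            echo "rc=0 (accepted)"
        else
            echo "rc=1 (rejected)"
        fi
    done
    return 0
}

[ "${1:-}" = "--demo" ] && demo
true
```

Running the file with `--demo` prints `rc=0 (accepted)` for the first sample and `rc=1 (rejected)` for the second; an empty status stream (gpg never ran, or produced nothing) is also rejected, which is the behaviour the thread asks uscan for.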
