Bug#888046: marked as done (devscripts: Support signatures against uncompressed tarballs)
Mattia Rizzolo
mattia at debian.org
Tue Jan 23 14:53:03 UTC 2018
On Tue, Jan 23, 2018, Osamu Aoki wrote:
> > I'm also not sure the Debian archive supports uploading a signature file
> > against a file that isn't included in the distribution, so maybe this
> > isn't really an issue worth handling in uscan...
>
> That is not a uscan bug. I as the primary uscan committer want to hear
> your experience. Did you try? If you find out the answer, please let
> me know what shall be done.
I have the answer for you: the Debian archive doesn't even check that
the uploaded .asc is an actual signature. IIRC it only does a check on
the filename (to assure that you are uploading something that is related
to an already known file), but nothing else. That also means that it
doesn't actually perform a signature check either.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540
more about me: https://mapreri.org
Launchpad user: https://launchpad.net/~mapreri
Debian QA page: https://qa.debian.org/developer.php?login=mattia
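The gap described in the message, as an added example that is not part of the original e-mail and is not the archive software's code: a name-only check accepts any file called `<known file>.asc`, while a structural check confirms the content is an armored OpenPGP Signature packet. The function names, the exact form of the filename check and the sample packet are assumptions made for illustration, and the structural check is not a cryptographic verification against a key.

```python
import base64
import re

ARMOR = re.compile(
    r"-----BEGIN PGP SIGNATURE-----\r?\n(.*?)\r?\n-----END PGP SIGNATURE-----", re.S)

def crc24(data):
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def filename_check(name, known_files):
    """Name-only check of the kind the message describes (assumed form)."""
    return name.endswith(".asc") and name[:-len(".asc")] in known_files

def looks_like_detached_signature(text):
    """Structural check: armor, checksum, first packet is a Signature (tag 2)."""
    m = ARMOR.search(text)
    if not m:
        return False
    lines = [ln.strip() for ln in m.group(1).splitlines()]
    if "" not in lines:                      # a blank line ends the armor headers
        return False
    body = lines[lines.index("") + 1:]
    crc_line = body.pop() if body and body[-1].startswith("=") else None
    try:
        raw = base64.b64decode("".join(body), validate=True)
        if crc_line is not None:
            stored = base64.b64decode(crc_line[1:], validate=True)
            if int.from_bytes(stored, "big") != crc24(raw):
                return False
    except ValueError:                       # invalid base64
        return False
    if not raw or not raw[0] & 0x80:         # bit 7 is set in every packet header
        return False
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    return tag == 2

def armor(raw):
    """Wrap raw packet bytes in signature armor (used to build the sample)."""
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(raw).decode()
            + "\n=" + crc + "\n-----END PGP SIGNATURE-----\n")

# Constructed sample: new-format tag-2 header with a dummy body, not a real signature.
SAMPLE_SIG_PACKET = bytes([0xC2, 4, 4, 0, 1, 8])
```

Passing this check only shows the file has the shape of a signature; deciding whether it verifies against a trusted key is a separate step for a tool such as `gpgv`.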