[pkg-wine-party] Upload for gnome-exe-thumbnailer 0.9.4-2
Jens Reyer
jre.winesim at gmail.com
Mon Dec 12 00:40:48 UTC 2016
On 12.12.2016 01:12, James Lu wrote:
> Hi Jens,
>
>> Maybe have a look at the lintian hints:
>>
>> I vcs-field-uses-insecure-uri
>> vcs-git git://anonscm.debian.org/pkg-wine/gnome-exe-thumbnailer.git
>> P debian-watch-may-check-gpg-signature
>>
>> At least the first is trivial to fix, I'd recommend to do that for this
>> upload.
>>
>
> Done.
Great. Minor nitpick, the URL works, but looks strange. I'd suggest
https://anonscm.debian.org/git/pkg-wine/gnome-exe-thumbnailer.git
instead of
https://anonscm.debian.org/cgit/pkg-wine/gnome-exe-thumbnailer.git
>> The second is a bit harder to solve and needs upstream to sign future
>> releases. You may have a look at the wiki[1], and for automatic signing
>> at what winetricks does (I'm not sure if it's completely implemented
>> there yet).
>
> Hmm, I'll have to chat with Scott and Jan about this, though I don't see
> any new release in the near future.
>
> Also, is there a process for having multiple upstream keys? Although I
> tagged the 0.9.4 release on GitHub, I'd prefer having their keys added
> as well as my own, so they can sign future releases too.
> https://wiki.debian.org/debian/watch#Cryptographic_signature_verification
> is the reference I'm using (unless I'm misunderstanding the
> verification process).
Should work, I didn't test it though.
uscan(1):
If the signature file is downloaded, the downloaded upstream tarball is
checked for its authenticity against the downloaded signature file using
the keyring debian/upstream/signing-key.pgp or the armored keyring
debian/upstream/signing-key.asc (see "KEYRING FILE EXAMPLES").
[...]
$ gpg --export --export-options export-minimal --armor \
'CF21 8F0E 7EAB F584 B7E2 0402 C77E 2D68 7254 3FAF' \
>debian/upstream/signing-key.asc
[...]
If a group of developers sign the package, you need to list fingerprints
of all of them in the argument for gpg --export ... to make the keyring
to contain all OpenPGP keys of them.
Greets
jre
More information about the pkg-wine-party
mailing list