Debian Bug report logs -
#10253
dpkg-dev: dpkg-buildpackage signs using the value for Maintainer:
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
:
Bug#10253
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to Herbert Xu <herbert@greathan.apana.org.au>
:
New bug report received and forwarded. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: dpkg-dev
Version: 1.4.0.17
This causes a lot of trouble for me since my pgp key includes my own email
address which differs from the one in Maintainer. Previous versions of
dpkg-dev did not do this. There should be an option to either revert to the
old behaviour or to specify the key to use.
-- System Information
Debian Release: 1.3
Kernel Version: Linux greathan 2.0.29 #1 Wed Apr 9 08:02:37 EST 1997 i586 unknown
Information forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
:
Bug#10253
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to "Christian Hudon" <chudon@ee.mcgill.ca>
:
Extra info received and forwarded to list. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #10 received at 10253@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Jun 1, Herbert Xu wrote
> Package: dpkg-dev
> Version: 1.4.0.17
>
> This causes a lot of trouble for me since my pgp key includes my own email
> address which differs from the one in Maintainer. Previous versions of
> dpkg-dev did not do this. There should be an option to either revert to the
> old behaviour or to specify the key to use.
You can have more than one email address attached to a given key. Why don't
you just add your Debian email address to your private key?
Christian
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
:
Bug#10253
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to Roman.Hodek@informatik.uni-erlangen.de
:
Extra info received and forwarded to list. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #15 received at 10253@bugs.debian.org (full text, mbox, reply):
> > This causes a lot of trouble for me since my pgp key includes my
> own email > address which differs from the one in Maintainer.
> Previous versions of > dpkg-dev did not do this. There should be an
> option to either revert to the > old behaviour or to specify the key
> to use.
>
> You can have more than one email address attached to a given key.
> Why don't you just add your Debian email address to your private
> key?
I also have problem with this behaviour: If someone compiles packages
for another architecture (binary only), he now has to use the -m
option to get the .changes signed. Otherwise, dpkg-buildpackage tries
to sign with the key of the original maintainer, for which the one who
compiles probably doesn't have the secret key...
But this has the side effect that also dpkg-genchanges now uses the
address of the binary-only uploader in the .changes file in the
Maintainer: field, which is incorrect.
I strongly suggest to use two different option for the real maintainer
address and the pgp key selector to fix this. And if the pgp key name
is initialized with the maintainer address from the changelog (as it
currently is), it would also be nice if one can reset the name to pass
to pgp after -u can be empty. This way you still get the default
behaviour of pgp to sign with the last private key.
My preferred behaviour would be to pass -u to pgp only if some special
option is given. I guess not many people really need it...
Roman
Information forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
:
Bug#10253
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to James Troup <J.J.Troup@comp.brad.ac.uk>
:
Extra info received and forwarded to list. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #20 received at 10253@bugs.debian.org (full text, mbox, reply):
Roman Hodek <rnhodek@faui22c.informatik.uni-erlangen.de> writes:
> I also have problem with this behaviour: If someone compiles
> packages for another architecture (binary only), he now has to use
> the -m option to get the .changes signed. Otherwise,
> dpkg-buildpackage tries to sign with the key of the original
> maintainer, for which the one who compiles probably doesn't have the
> secret key...
>
> But this has the side effect that also dpkg-genchanges now uses the
> address of the binary-only uploader in the .changes file in the
> Maintainer: field, which is incorrect.
Actually, IMO, this is debatable. When I started building packages
for m68k, I wasn't pgp signing them, but I was using the -m option to
dpkg-buildpackge|dpkg-genchanges, because otherwise any installer
rejections of an upload get sent to the real maintainer and not the
arch-specific builder. Before I started doing this some very confused
i386 maintainers were sent mail about my rejected m68k upload of their
package.
I don't think the Maintainer: field in the .changes file should be set
to the real maintainer, not unless the install process is improved
(somehow) to avoid the situation I described above.
--
James
Information forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
:
Bug#10253
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to Roman.Hodek@informatik.uni-erlangen.de
:
Extra info received and forwarded to list. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #25 received at 10253@bugs.debian.org (full text, mbox, reply):
James> Actually, IMO, this is debatable. When I started building
James> packages for m68k, I wasn't pgp signing them, but I was using
James> the -m option to dpkg-buildpackge|dpkg-genchanges, because
James> otherwise any installer rejections of an upload get sent to the
James> real maintainer and not the arch-specific builder. Before I
James> started doing this some very confused i386 maintainers were
James> sent mail about my rejected m68k upload of their package.
James>
James> I don't think the Maintainer: field in the .changes file should
James> be set to the real maintainer, not unless the install process
James> is improved (somehow) to avoid the situation I described above.
Hmm... I see your point. Since the installer script uses the value of
the Maintainer: field for replies, it more seems like a misnomer...
should be Uploader: or something like that. (The real maintainer can
easily be extracted from the .deb or somewhere else.)
Roman
Bug reassigned from package `dpkg-dev' to `dpkg-iwj'.
Request was from Wichert Akkerman <wichert@cs.leidenuniv.nl>
to control@bugs.debian.org
.
(full text, mbox, link).
Bug reassigned from package `dpkg-iwj' to `dpkg'.
Request was from Anthony Towns <ajt@master.debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Bug closed, ack sent to submitter - they'd better know why !
Request was from Anthony Towns <ajt@master.debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Bug reassigned from package `dpkg' to `dpkg'.
Request was from Anthony Towns <ajt@master.debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Apr 26 22:51:13 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.