Bug#796311: marked as done (please suggest debian/upstream/signing-key.{asc,pgp} instead of debian/upstream-signing-key.asc for the debian-watch-may-check-gpg-signature tag)
Your message dated Fri, 11 Sep 2015 15:24:47 +0000
with message-id <E1ZaQBz-0001WO-OO@franck.debian.org>
and subject line Bug#796311: fixed in lintian 2.5.37
has caused the Debian Bug report #796311,
regarding please suggest debian/upstream/signing-key.{asc,pgp} instead of debian/upstream-signing-key.asc for the debian-watch-may-check-gpg-signature tag
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
796311: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796311
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: insufficient/confusing documentation for pgpsigurlmangle
- From: Thomas Koch <thomas@koch.ro>
- Date: Fri, 21 Aug 2015 09:13:02 +0200
- Message-id: <20150821071302.27905.10429.reportbug@x121e>
Package: devscripts
Version: 2.15.8~bpo8+1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
There are a few related shortcomings with the documentation of
pgpsigurlmangle and the related lintian tag
debian-watch-may-check-gpg-signature.
1) The uscan manpage says:
"This signature must be made by a key found in the keyring
debian/upstream/signing-key.pgp or the armored keyring
debian/upstream/signing-key.asc."
- - What is an armored keyring?
- - Isn't it, that the .asc file is just one public key as produced
by gpg --armor --export $KEYID?
- - Please give an example how to correctly produce this file.
- - How can I produce a keyring .pgp file?
- - Which format should be preferred? I don't like choices.
2) There is no example of a full watch file with a pgpsigurlmangle
option. I needed several tries to get it right because it was the
first time that I had to produce a non trivial watch file with an
option. I believe that many others might be in the same situation.
Please add an example to the uscan manpage or the lintian tag or
both.
3) The lintian tag says:
"verified against a keyring stored in debian/upstream-signing-key.asc"
The manpage does not mention this file. It seems that the code
still uses it, but it is confusing.
4) How about a script, that checks all watch files, tries GET
requests against $URL.sig, $URL.asc and proposes a new watch file
to the maintainer in case it finds something?
Thomas Koch
- -- Package-specific info:
- --- /etc/devscripts.conf ---
- --- ~/.devscripts ---
DEBSIGN_KEYID="042BA65A"
DEBUILD_DPKG_BUILDPACKAGE_OPTS="-i\.git -I.git"
DEBEMAIL="thomas@koch.ro"
DEBFULLNAME="Thomas Koch"
BTS_INTERACTIVE=yes
BTS_DEFAULT_CC="thomas@koch.ro"
- -- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages devscripts depends on:
ii dpkg-dev 1.17.25
ii libc6 2.19-18
ii perl 5.20.2-3+deb8u1
ii python3 3.4.2-2
pn python3:any <none>
Versions of packages devscripts recommends:
ii at 3.1.16-1
ii curl 7.38.0-4+deb8u2
ii dctrl-tools 2.23
ii debian-keyring 2015.04.10
ii dput 0.9.6.4
ii equivs 2.0.9
ii fakeroot 1.20.2-1
ii file 1:5.22+15-2
ii gnupg 1.4.18-7
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.03-1
ii libjson-perl 2.61-1
ii liblwp-protocol-https-perl 6.06-2
ii libsoap-lite-perl 1.11-1
ii liburi-perl 1.64-1
ii libwww-perl 6.08-1
ii lintian 2.5.35~bpo8+1
ii man-db 2.7.0.2-5
ii patch 2.7.5-1
ii patchutils 0.3.3-1
ii python3-debian 0.1.27
ii python3-magic 1:5.22+15-2
ii sensible-utils 0.0.9
ii strace 4.9-2
ii unzip 6.0-16
ii wdiff 1.2.2-1
ii wget 1.16-1
ii xz-utils 5.1.1alpha+20120614-2+b3
Versions of packages devscripts suggests:
ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2
ii build-essential 11.7
pn cvs-buildpackage <none>
pn debbindiff <none>
ii devscripts-el 35.12
ii gnuplot 4.6.6-2
ii gpgv 1.4.18-7
ii libauthen-sasl-perl 2.1600-1
ii libfile-desktopentry-perl 0.07-1
ii libnet-smtp-ssl-perl 1.01-3
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mutt 1.5.23-3
ii openssh-client [ssh-client] 1:6.7p1-5
pn svn-buildpackage <none>
ii w3m 0.5.3-19
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJV1s9+AAoJEAf8SJEEK6Za6PkP/3TiZFiDqh8XFe5h6ycs7NtC
7YlVkoZAQ6LHzH4qFJo3xmnjSdMtX+t8f0uyAUijCIVKR0eFFl+IhcymzhMuHZve
ddU8UouXZWm4jkUfXluyoJkHJkEWri90nZaq1F6iCMmJCljKVK0J4XZP4OJlZZ3k
6ka26KBkDp+wTTAPUWrRDckYsxMN60mOo+2OAGm+Gmyg5/QKcdf/VoKUWnLBt1ak
/l7uRSRd422CWDOqQJX1MpPM5nz65f16S1+AEWtkMnq3BxrfFKkudD26dam+lnLo
en1V6Ia1/uMS1/jgzrJsxpGn6kHrSVQkqcKRco+5yiGRYylvcQG237Gh04LAiCO2
IctQCtG05mGUPKBR44PMULgal18JkAwgZB5Ty9z+hNugiOGsuQOIV9u8MdKs1ll6
nqT+QzlttS1nFeHtB39RfNHF319DDsE5Wfuh3GZdi0sRXPUdncY7tncqJ3AVRQUx
475LdfmkRh81IMoKaFbJy3MayVAbT2LOtsU2+SJlzRJtueVyTukuBUR0vkflPB2d
JPFJW8UgG6v2sLZu9f11nsh60MkugO1iDfcO+HRXXSZQ47Noyr7YPqzdAs0dzJNH
XQBYLv7tNs1g0v4I2CnY3zCr+TLk0gTdidisvKINWwy7uXUkho0nwFJuYYcGzn3l
oEKKgNOqWP5OshvrK1dt
=puBp
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.5.37
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 796311@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niels Thykier <niels@thykier.net> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Sep 2015 16:37:10 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.37
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
lintian - Debian package checker
Closes: 786867 788926 792418 793503 795614 795667 795779 795955 796311 796822 797395 797600 797951 798063 798359 798385 798422
Changes:
lintian (2.5.37) unstable; urgency=medium
.
* Summary of tag changes:
+ Added:
- obsolete-url-in-packaging
- renamed-tag
.
* checks/application-not-library.{desc,pm}:
+ [AB] Downgrade libapp-perl-package-name to certainty possible.
+ [AB] Add libapp-options-perl to the package whitelist.
* checks/binaries.pm:
+ [NT] Apply patch from Michael Stapelberg to ignore
"no-relro" and "no-fortify-functions" issues in
binaries built by the go compiler, as it does not
support these features. (Closes: #795667)
+ [NT] Apply patch from Michael Stapelberg to a
common false positive spelling mistake in "go"
binaries. (Closes: #795614)
+ [NT] Apply patch from Guillem Jover to avoid some false
positive shared-lib-without-dependency-information tags.
(Closes: #798063)
* checks/control-file.pm:
+ [AB] Apply patch by Christoph Biedl for relaxing dependency checks
to allow versions with tilde. (Closes: #797951)
* checks/copyright.pm:
+ [BR] Fix FP for copyright-without-copyright-notice tag
allow public-domain. (Closes: #786867)
* checks/cruft.pm:
+ [BR] Fix complex regular subexpression recursion limit.
Strip comments is only done on first 8192 characters.
(Closes: #795955).
+ [BR] Performance improvement check if line < 1024 before
stripping comment. Classify to minified if line > 1024.
+ [BR] Fix false positive in missing-sources directory
search path.
* checks/debhelper.pm:
+ [NT] Unconditionally warn about dh_clean -k usage even when the
debhelper compat is less than 7.
* checks/description.pm:
+ [AB] Fix false positives in
perl-module-name-not-mentioned-in-description. (Closes: #795779)
* checks/fields.{desc,pm}:
+ [JW] Use "an" (instead of "a") before "HTTP".
+ [NT] Assert that -dbgsym packages are in the "debug" section.
Thanks to Jean-Michel Vourgère for reporting the issue.
+ [AB] Also emit package-relation-with-perl-module for build-*
relations. Thanks gregor herrmann! (Closes: #798385)
* checks/obsolete-sites.{desc,pm}:
+ [AB] New check with tag obsolete-url-in-packaging to check for URLs
of hosting sites with frozen contents or (soon to be) closed hosting
sites (Google Code, Gitorious, Freshmeat, etc.) inside the
packaging. (Closes: #793503)
* checks/scripts.pm:
+ [BR] Fix Unescaped left brace in regex. (Closes: #788926)
* checks/shared-libs.{desc,pm}:
+ [NT] Accept an "activate-noawait ldconfig" trigger instead of
explicit calls to "ldconfig".
* checks/testsuite.pm:
+ [AB] Split up restrictions, features and tests by comma as well as
space. (Closes: #798359, #792418)
* checks/version-substvars.pm:
+ [BR] Fix Unescaped left brace in regex is deprecated line 68.
* checks/watch.desc:
+ [BR] Upgrade upstream PGP keys location. (Closes: #796311)
.
* data/binaries/embedded-libs:
+ [RG] Add another matching string for libidn
* data/common/source-fields:
+ [AB] Add patch by Tianon Gravi to add go-import-path as known source
field. (Closes: #798422)
* data/fields/archive-sections:
+ [NT] Remove the "debugsym" section as "ddebs" will be put in
the regular "debug" section.
* data/fields/binary-fields:
+ [NT] Accept the "Build-Ids" field, which debhelper will start to
include in debug packages.
* data/scripts/maintainer-script-bad-command:
+ [AB] Fix maintainer-script-should-not-use-adduser-system-without-home
false positive in cases where --system and --home are ordered
differently than initially expected. (Closes: #797395)
* data/spelling/corrections:
+ [JW] Add correction for "bellow". (This is an actual English word,
but in technical texts, it's almost certainly a misspelling of
"below".)
+ [JW] Add correction for "positve".
.
* debian/control:
+ [AB] Update Vcs-Browser header to use https and cgit.
.
* lib/Lintian/{Tags.pm,Tag/Override.pm}:
+ [BR] Support tag renaming. Warn about renamed
tags.
.
* t/runtests:
+ [BR] Apply patch from Chris Lamb improving documentation.
(Closes: #796822).
* t/scripts/01-critic/runner.pl:
+ [AB] Fix FTBFS in perlcritic runner with Test::Perl::Critic 1.03
* t/tests/application-not-library/debian/debian/control.in:
+ [AB] Add a false positive test for libapp-perl-package-name.
* t/tests/rules-perl-makemaker/debian/debian/rules:
+ [NT] Pass DESTDIR to MakeMaker to avoid FTBFS with Perl 5.22.
Thanks to Dominic Hargreaves for the report. (Closes: #797600)
Checksums-Sha1:
67d5166215911cb519df1ed6e486ca0c6f9a2a63 2758 lintian_2.5.37.dsc
42a1ffc0d1a5782fd527e7784accd0df38065556 1248884 lintian_2.5.37.tar.xz
736a806f10e6718d310f1898e29e6ecbceb7c0e8 833260 lintian_2.5.37_all.deb
Checksums-Sha256:
ba30420ac586304141af3b958589a5d276533a16d797dcc1529d0af9dfaa9577 2758 lintian_2.5.37.dsc
2214355114c7120ca95ea094894148c7dbec7c890dd88834e537a0c2da4fef6a 1248884 lintian_2.5.37.tar.xz
5af5d33b24467fec0169977aede130b7261b10b2f930e682bc95079323e03b98 833260 lintian_2.5.37_all.deb
Files:
0c44741de4634a190ff87e38bdc57cc5 2758 devel optional lintian_2.5.37.dsc
60ef2d2990b4f56f5ddec83911098e92 1248884 devel optional lintian_2.5.37.tar.xz
b70b6d07004095c77ad4a67fab115882 833260 devel optional lintian_2.5.37_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJV8ufcAAoJEAVLu599gGRC+ocP/08Oy+EiLcZCA60AdO3R66k/
sLcwBCsWgeC4UD7J8k39Ywa+QZ4fLMTaagHGhc5F8eMESUD8+MVGHh3nVie3sBp6
MmxEzQJZ4jR2JpZf405lDdh6kJShcIejc1exUbdaSoGeilynWiMYHOZyv+7LFfHe
gtXri8G+O8cQn528M6j58bqPycs7n/aV5J2i2lkxwca/HLmHu8dc5jlW0b93FouS
PatTdR8OBW6osUQVlY8vGZE35gtvHTOo5YhS6oFo8L+GMdmWUtm1fDGtiI4OOobF
+Wn3k13Sjx8I1Ke/Zf+dgsSFYmoLNJqh3yhhTA9dsDceHU79M+fogD7XZgFITQlz
XAwNVA9AqMAQ1vZOn9yYzvxmRIU+QsAho+cQQWcXGFvbvuaBMuwfur3blWD2N/GK
QlSCCtwKpdMvxVsLeZPdCMhTakA8gdbCZ7uGTkY/YThxFyEGrOiXCkEQuK+Jk739
8BCRsA1Pj9jWqou8tpkyXIS/stF66Rxw/oHGl/TCqNUX+HOKIfgJSNMAO/ttrn5u
07MQtLUkso/X2JSfBYgPSU0fXuUDhMmKe6Tkfedx8FO9jqK3CDrfu5mWYneyoIar
BQMN3zj0kNnNG6d8bOrrvvzsBOH5POHgUHH7k28iQScmPBHQOsMdW82il5MifmuS
XEUKeEJVyR+gQxeMAKF9
=owdz
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: