Control: severity -1 wishlist On Thu, 2016-11-10 at 19:49:03 +0100, Ximin Luo wrote: > Package: dpkg-dev > Version: 1.18.13 > Severity: important
> We would like dpkg-buildpackage to clearsign the buildinfo files that are > created. This allows them to be uploaded to services similar to keyservers, > for auditing and attestation purposes, that may be run independently of the > FTP archive. Yeah I know, and I had noticed this already just after the upload, but just notced it down with the other things I'd like to discuss regarding the buildinfo files, which I'll try to start this week, once the current uploads settle down a bit. > I'm happy to write this patch myself. That will take a little bit more time - > I > wanted to file this bug report early to check that you're not opposed to this > idea - and before too many other tools start assuming that buildinfo files are > unsigned. I think this should not be the case by default, just as you rarely > see an unsigned .dsc being distributed. > > There would also be a -ub option added, along the same lines as -us and -uc. > Then debsign from devscripts will also need to be updated, and I'll be happy > to > write the patch for this too. I'm planning on finishing up and merging the dpkg-sign branch, so this would be probably wasteful. I'll include the necessary changes there. Thanks, Guillem
