On Thu, Jul 06, 2017 at 09:16:50AM +0200, Guido Günther wrote:
> On Wed, Oct 26, 2016 at 06:08:28PM -0400, James McCoy wrote:
> > On Mon, Oct 24, 2016 at 01:25:03PM +0200, Bernhard Schmidt wrote:
> > > asterisk$ gpg --import < debian/upstream/signing-key.asc
> > > gpg: key DAB29B236B940F89: public key "Joshua Colp
> > > <jc...@joshua-colp.com>" imported
> > > gpg: key 9C59F000777DCC45: public key "Kevin Harwell
> > > <kharw...@digium.com>" imported
> > > gpg: key 6CB44E557BD982D8: public key "Richard Mudgett
> > > <rmudg...@digium.com>" imported
> > > gpg: key 368AB332B59975F3: public key "George Joseph
> > > <gjos...@digium.com>" imported
> > > gpg: Total number processed: 4
> > > gpg: imported: 4
> > >
> > > DAB29B236B940F89 is in signing-key.asc but there is no signature, and
> > > there is an additional signature from 8438CBA18D0CAA72
> > >
> > > When this happens uscan exits with rc=0, but does not process the file
> > > further without any meaningful error message.
> >
> > Indeed, uscan always exits with 0 if it found a newer version upstream.
> > When support for gpg verification was added, there wasn't an exit code
> > added to indicate that the verification failed.
>
> This is IMHO a security issue since it violates the principle of least
> surprise and makes it hard to use in an automated way. Can uscan be
> changed to exit non-zero in case all signatures fail to validate? Maybe
> with a separate option (--fail-on-bad-sig)?
I've changed this behavior with
https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=3f3efc9
such that signature verification failures are fatal.

Cheers,
-- 
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
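As an added example, not part of this thread and not uscan's or devscripts' own code: a POSIX shell wrapper that derives pass/fail from gpg's machine-readable `--status-fd` lines instead of assuming success, so an automated caller sees a non-zero exit status when verification fails. It covers the case reported above, where the only signature comes from a key (8438CBA18D0CAA72) that is not in the keyring. The status lines in `SAMPLE_*` are constructed for the demo, the key IDs are the ones quoted in the thread, and the keyring/signature/tarball paths passed to `verify_tarball` are assumptions.

```shell
#!/bin/sh
# Added example, not uscan's code: turn gpg's --status-fd lines into an
# exit status, so a caller cannot mistake a failed verification for success.

# Status lines constructed for the demo; key IDs are the ones quoted in the
# thread. A real run gets these lines from gpg itself (see verify_tarball).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DAB29B236B940F89 Example Signer <signer@example.invalid>
[GNUPG:] TRUST_UNDEFINED 0 pgp'

SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG DAB29B236B940F89 Example Signer <signer@example.invalid>'

# The thread's case: a signature from 8438CBA18D0CAA72, which is not in the
# keyring, so gpg can neither confirm nor reject it (ERRSIG rc 9 = no pubkey).
SAMPLE_NOKEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 8438CBA18D0CAA72 1 8 00 1477305903 9
[GNUPG:] NO_PUBKEY 8438CBA18D0CAA72'

# check_gpg_status: read gpg status lines on stdin and return
#   0  at least one GOODSIG and no BADSIG
#   1  a BADSIG was reported
#   2  no GOODSIG and the signer's key is missing from the keyring (NO_PUBKEY)
#   3  no signature decision at all (empty or unexpected output)
check_gpg_status() {
    good=0 bad=0 missing=""
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] GOODSIG "*)   good=1 ;;
            "[GNUPG:] BADSIG "*)    bad=1 ;;
            "[GNUPG:] NO_PUBKEY "*) missing="${line#*NO_PUBKEY }" ;;
        esac
    done
    if [ "$bad" -eq 1 ]; then
        echo "gpg: BAD signature, refusing file" >&2
        return 1
    fi
    [ "$good" -eq 1 ] && return 0
    if [ -n "$missing" ]; then
        echo "gpg: signing key $missing is not in the keyring" >&2
        return 2
    fi
    echo "gpg: no usable signature found" >&2
    return 3
}

# verify_tarball KEYRING SIGFILE TARBALL: the real gpg call (paths assumed).
# gpg's own exit code is deliberately not relied on; the decision is made
# from the status lines, and the pipeline's status is check_gpg_status's.
verify_tarball() {
    gpg --no-default-keyring --keyring "$1" --batch --status-fd 1 \
        --verify "$2" "$3" 2>/dev/null | check_gpg_status
}

# Demo on the constructed samples (no gpg needed): prints the exit status
# an automated caller now sees instead of an unconditional 0.
for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD" "$SAMPLE_NOKEY"; do
    printf '%s\n' "$sample" | check_gpg_status
    echo "rc=$?"
done
```

In a cron or CI job the caller would run `verify_tarball debian/upstream/signing-key.asc foo.tar.gz.asc foo.tar.gz || exit 1`; the distinct return codes let it report "key missing from debian/upstream/signing-key.asc" separately from "signature does not match", which is exactly the ambiguity the rc=0 behaviour hid.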