Sam Hartman writes ("Bug#926477: dgit accepts short keyid even though debsign
does not"):
> Package: dgit
> Version: 8.3
> Severity: important
...
> Someone wrote in a forum that I can't quote here something along the
> lines of it should be a bug for any Debian package to accept a
> short-form GPG keyid. I agree.
That might even have been me.
> Dgit still accepts short-form keyids (and it doesn't look like this
> has been fixed in the repo) even though tools it calls does not.
I don't think dgit does anything with the keyid other than pass it to
other tools. It doesn't validate the format at all, just treating it
as an opaque string.
I don't think it's dgit's job to do that ? Is there a practical
problem that results from dgit not investigating the keyid syntax and
length ?
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
