Hi Baptiste,

* Baptiste Beauplat <lykn...@debian.org> [2024-12-04 20:19]:
A recent failure in snapshot CI[1] prompted us a new behavior from
debsnap.

Indeed, since 12272acf[2], debsnap now checks unconditionally dsc files
for a good signature.

We use a local keyring to sign the packages for the CI and I was going
to do a fix for the CI specifically but thinking about it, it seems
that snapshot does not guarantee that package signatures will be valid
against a given host keyring.

The key might have been revoked or removed from the keyring.

For instance: on my sid box, `debsnap coreutils 8.21-1.2` fails.

Sorry for breaking the CI, that was not intended. The discussion on this was in:

https://salsa.debian.org/debian/devscripts/-/merge_requests/434

I'm not sure what the correct course of action is here: making that check
optional? Disabled or enabled by default, with a way to override it?

I think making it a warning would make sense. Do you want to send a MR?

[1]: https://salsa.debian.org/pkern/snapshot/-/jobs/6695522
[2]: https://salsa.debian.org/debian/devscripts/-/commit/12272acfa4bb674f741d65ac9c0f0e624126ac2a

Cheers Jochen
