Hi Jochen, On Wed, 2024-12-04 at 20:57 +0100, Jochen Sprickerhof wrote: > * Baptiste Beauplat <lykn...@debian.org> [2024-12-04 20:19]: > > A recent failure in snapshot CI[1] prompted us a new behavior from > > debsnap. > > > > Indeed, since 12272acf[2], debsnap now checks unconditionally dsc files > > for a good signature. > > > > We use a local keyring to sign the packages for the CI and I was going > > to do a fix for the CI specifically but thinking about it, it seems > > that snapshot does not guaranty that packages signature will be valid > > against a given host keyring. > > > > The key might have been revoked or removed from the keyring. > > > > For instance: on my sid box, `debsnap coreutils 8.21-1.2` fails. > > Sorry for breaking the CI, that was not intended. The discussion on this > was in: > > https://salsa.debian.org/debian/devscripts/-/merge_requests/434
That's no trouble. > > I'm not sure what the correct course of action here, making that check > > optional? Disabled or enabled by default, with a way to override it? > > I think making it a warning would make sense. Do you want to send a MR? I'd rather let the people involved in the discussion have a go at it since there are more familiar to the code and the subject than me. > > [1]: https://salsa.debian.org/pkern/snapshot/-/jobs/6695522 > > [2]: > > https://salsa.debian.org/debian/devscripts/-/commit/12272acfa4bb674f741d65ac9c0f0e624126ac2a -- Baptiste Beauplat
signature.asc
Description: This is a digitally signed message part
