Simon Josefsson writes ("Re: Bug#1091868: debian-policy: Document
Git-Tag-Tagger and Git-Tag-Info fields"):
> Do consumers of this field have to handle both SHA1 and SHA256 git
> object ids?
Consumers ought to cope with both, but right now it'll be SHA1 object
ids.
> OpenPGP v5 or v6 fingerprint?
I'm afraid I don't know the answer to this. I haven't been following
recent OpenPGP evolution. In practice what we're currently emitting
is whatever gpgv produces.
> How are they supposed to behave if they cannot understand parts of the
> information in the header?
I think that depends on the use case. Eg, you might carry on without
the relevant information. Whether that's acceptable depends on the
semantic needs of the consumer.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
