Package: dgit
Version: 12.9
In https://salsa.debian.org/dgit-team/dgit/-/issues/65 we see this
Successfully signed dsc, buildinfo, changes files
gpg: ../bpd/dgit-test-dummy_1.109_source.changes: Error checking signature
from 606D084E4683C079: SignatureVerifyError: 0
gpg: ../bpd/dgit-test-dummy_1.109.dsc: Error checking signature from
606D084E4683C079: SignatureVerifyError: 0
Checking signature on .changes
Checking signature on .dsc
Uploading to ftp-master (via ftp to ftp.upload.debian.org):
I think: the two messages from gpg were generated by gpg runs invoked
by dput; the two messages "Checking signature" were also from dput;
the messages are out of order due to stdio buffering.
I think this verification is useless and dgit should always suppress
it. dgit has *just made* these signatures (via debsign). With
`dgit rpush` the keys might not be available.
We could do this by passing -u to dput. But the user might have
said --dput=dupload and dupload has no -u option.
We could:
1. Ask dput for a way to control this with environment variables
2. Ask dupload to accept and ignore --unchecked (seems weird, and
has troublesome compat implications)
3. Add -u only if the dput command =~ m/dput/ (but we'd need the
user to be able to override it with --dput!:--unchecked
and that is goign to be fiddly).
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
