On Fri, 2006-07-21 at 14:43 +0200, Jeroen van Wolffelaar wrote: > This would mean that the queue processer would need to gain a fuzzy > parser: need to cope with random data prepended, and still find > out/guess what's the problem. > > It's much easier for dput (and co) to gain some check whether the signed
Well, you'd need to code a check into two different languages already (for dupload and dput) and would not catch anyone just uploading with ftp or any possible new tool that would come by. > content actually looks like a .changes file, that is, consists of "Key: > value" pairs and has at least the mandatory fields (and maybe also check > whether the email address listed looks like a valid address and not > something @local or so). This would also catch other potential mistakes. > The queue processing software uses a standard 'mail header' parser, > which breaks parsing on the first newline, which happens to be before > the intended content. One very simple 'grep' on the file would turn out a usable point of contact. Another quite simple solution is as long as the changes file starts with '-----BEGIN PGP SIGNED MESSAGE-----' to remove the signature (instead of doing it once). In both cases you've solved the problem for every case and in one place, and don't need to write code for the different tools people use or don't use. Thijs
signature.asc
Description: This is a digitally signed message part
