Control: tag 823428 pending
Hi!
Bug #823428 in package dpkg reported by you has been fixed in
the dpkg/dpkg.git Git repository. You can see the changelog below, and
you can check the diff of the fix at:
https://anonscm.debian.org/cgit/dpkg/dpkg.git/diff/?id=a558a21
---
commit a558a21ae7f04751f7f5dfe724cd9d5f95905734
Author: Guillem Jover <guil...@debian.org>
Date: Thu May 5 20:13:56 2016 +0200
dpkg-source: Add new --require-strong-checksums option and change default
Erroring out when no strong checksums are present is very harsh, as we
do not even do something similar for invalid/unknown/expired signatures
which means doing this for checksums has really no point.
Add a new command-line option to force the behavior to be strict, and
change to a warning.
Regression introduced in commit 040973c7a1e50b78ef042ef5ffbfff0440c24700.
Closes: #823428
Reported-by: Niko Tyni <nt...@debian.org>
diff --git a/debian/changelog b/debian/changelog
index e70cae6..654e40f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,15 @@
dpkg (1.18.7) UNRELEASED; urgency=medium
[ Guillem Jover ]
+ * Add new dpkg-source --require-strong-checksums option and change default.
+ There is no point in erroring out on this condition when signature issues
+ are only warnings, because we cannot guarantee we have functional keys
+ for old signatures. Regression introduced in dpkg 1.18.5. Closes: #823428
* Perl modules:
- Relax dependency restrictions parsing to allow again sloppy spaces
around versions, architectures and profile restrictions.
Regression introduced in 1.18.5. Closes: #823431
+ - Add new require_strong_checksums option to Dpkg::Source::Package.
* Documentation:
- Shorten example symbol names in dpkg-gensymbols to avoid a mandb
warning due to unwrappable lines in translations.
