Howdy all,

I have uploaded to ‘experimental’ a pre-release of the GnuPG changes in Dput. The version is dput “0.11.0~3”.

If your packaging workflow has unusual signing practices, or an unusual GnuPG configuration, your help will be especially valuable to test this change. In particular I am seeking workflows and tests that:

* Use signatures from keys that are now expired, or from keys that your GnuPG doesn't trust, or from keys that your GnuPG doesn't know.
* Use signatures that are well-formed but fail to verify, or that are good but very old, or that are from the future.
* Use non-default hash algorithms, or non-default options that would otherwise affect the generated signature.
* Use GnuPG version 1 on a system with GnuPG 2, or vice versa.
* Use outdated versions of GPGME.
* etc.

I'm also hoping some people interested in back-porting ‘dput’ to older Debian releases can help test these changes on those systems.

Please feel free to file bugs against ‘dput/0.11.0~3’ for regressions in GnuPG signature verification in unusual workflows.

-- 
 \     “It is difficult to get a man to understand something when his |
  `\    salary depends upon his not understanding it.” —Upton Sinclair, |
_o__)                                                              1935 |
Ben Finney