Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread Daniel Kahn Gillmor
On 06/05/2013 09:24 PM, James McCoy wrote: >> I took a quick look at the patch and found two things: 1) Please update >> README in addition to d/control and 2) please check the indentation. > > A little clarification on this. uscan uses (as most of the shell/Perl > scripts in devscripts do) the fo

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread James McCoy
On Wed, Jun 05, 2013 at 11:42:19PM +0200, Benjamin Drung wrote: > On Wednesday, 05.06.2013, at 15:15 -0400, Daniel Kahn Gillmor wrote: > > [i'm not on the devscripts-devel list, please cc me or > > 610...@bugs.debian.org] > > > > On Sat 2013-05-04 05:26:55 -0400, Daniel Kahn Gillmor wrote: > >

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread Benjamin Drung
On Wednesday, 05.06.2013, at 15:15 -0400, Daniel Kahn Gillmor wrote: > [i'm not on the devscripts-devel list, please cc me or 610...@bugs.debian.org] > > On Sat 2013-05-04 05:26:55 -0400, Daniel Kahn Gillmor wrote: > > > On Sat 2013-05-04 05:03:36 -0400, Daniel Kahn Gillmor wrote: > > > >> The a

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-06-05 Thread Daniel Kahn Gillmor
[i'm not on the devscripts-devel list, please cc me or 610...@bugs.debian.org] On Sat 2013-05-04 05:26:55 -0400, Daniel Kahn Gillmor wrote: > On Sat 2013-05-04 05:03:36 -0400, Daniel Kahn Gillmor wrote: > >> The attached patch implements the above proposal, using (e.g.) >> opts=pgpsigurlmangle=s/

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-05-04 Thread Daniel Kahn Gillmor
On Sat 2013-05-04 05:03:36 -0400, Daniel Kahn Gillmor wrote: > The attached patch implements the above proposal, using (e.g.) > opts=pgpsigurlmangle=s/$/.asc/ and debian/upstream-signing-key.pgp. This time with the patch actually attached :/ --dkg commit 13667a098a23d6c4a522322672f79d88ee

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-05-04 Thread Schrober
On Saturday 04 May 2013 05:03:36 Daniel Kahn Gillmor wrote: > The attached patch implements the above proposal, using (e.g.) > opts=pgpsigurlmangle=s/$/.asc/ and debian/upstream-signing-key.pgp. The file seems to be empty. At least I cannot download the content from bugs.debian.org http://bugs

Bug#610712: [devscripts] Allow to check cryptographic signatures

2013-05-04 Thread Daniel Kahn Gillmor
Control: tags 610712 + patch On Fri 2011-01-21 11:25:27 -0500, Emil Langrock wrote: > A more interesting approach is to make it possible to download the source > tarball and a pgp/gnupg signature which is used to verify the > file. This is i think the approach we want to pursue. having a st

Bug#610712: [devscripts] Allow to check cryptographic signatures

2012-09-26 Thread Franz Schrober
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php clearly shows the problematic situation of not having cryptographic signatures or tools to check it offline. This could easily break the trust chain and therefore introduce backdoors in Debian even when upstream and Debian packagers d

Bug#610712: [devscripts] Allow to check cryptographic signatures

2011-01-21 Thread Emil Langrock
Package: devscripts Version: 2.10.69 Severity: wishlist It happened in the past and will happen in the future that a mirror or even the original download server for a project is hacked and minimally modified sources get uploaded. The packager using uscan will trust usually that the sources are unto