debsig-verify 0.24 source package in Ubuntu
Changelog
debsig-verify (0.24) unstable; urgency=medium * Switch keyring parser from gpg --list-packets to --show-keys --with-colons. * Use fingerprint and fallback to use long keyIDs for database filenames. * Reject weak RIPEMD160 and SHA1 algorithms. * Documentation: - Update .gpg keyring references to .pgp in man page. - Mention OpenPGP instead of gpg in generic code comments. - Clarify the requirement for OpenPGP keyrings. Prompted by Steve McIntyre <email address hidden>. See #988646. - Update and modernize the policy-syntax specification. * Code internals: - Move GnuPG specific macros to the GnuPG backend module. - Rename gpgVerify() to sigVerify(). - Add a new find_command() function. - Abstract the OpenPGP operations behind a frontend driver. - Move checkSigExist() from misc to openpgp module. - Rename XML parser file to policy-xml. - Refactor key ID comparison function. - Support comparing keyIDs and fingerprints. - Refactor database filename generation into a new function. - Refactor prefix matching into a new function. - Regroup header includes. * Build system: - Add GitLab CI support. - Update .gitignore file. * Packaging: - Fix typo for Standards-Version field. - Switch to Standards-Version 4.6.0 (no changes needed). - Do not include the keyid in the example policies pathname. * Test suite: - Rename .gpg keyrings to .pgp. - Abstract OpenPGP details into debsig_openpgp_* functions. - Check OpenPGP backend availability. - Add sqop and sq OpenPGP backend support. - Remove obsolete and non-compliant test data. Reported by Charles Duffy <email address hidden>. - Shorten test case titles. - Move bad sig case after no sig case. -- Guillem Jover <email address hidden> Tue, 16 Nov 2021 06:02:07 +0100
Upload details
- Uploaded by:
- Dpkg Mailing List
- Uploaded to:
- Sid
- Original maintainer:
- Dpkg Mailing List
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
debsig-verify_0.24.dsc | 1.8 KiB | 72e93f6cfd72fd21c2b788267ea75c707bc506c8672ab983ca75fac2e0134b04 |
debsig-verify_0.24.tar.xz | 131.7 KiB | 0e30b571cf5408585fa7691ce2fa51b58608f6444aa291fd6cbf0e385149bb17 |
No changes file available.
Binary packages built by this source
- debsig-verify: Debian package signature verification tool
This tool inspects and verifies binary package digital signatures based
on predetermined policies, complementing repository signatures or allowing
to verify the authenticity of a package even after download when detached
from a repository.
- debsig-verify-dbgsym: debug symbols for debsig-verify