Hello,
there are questions from the Debian dev who helps publishing the package about the signing key which is in the debian/ subtree.
Can someone please comment?
Thank you
Kambiz
----- Forwarded Message ----- From: "Sébastien Villemot" sebastien@debian.org To: "Kambiz Darabi" darabi@m-creations.com Cc: 878167@bugs.debian.org Sent: Friday, 13 October, 2017 5:07:45 PM Subject: Re: Bug#878167: RFS: cl-asdf/3.3.0 - Another System Definition Facility
Also, there is a GPG key under debian/upstream/signing-key.asc, but I see no signature on upstream website (https://common-lisp.net/project/asdf/archives/).
Am I missing something? Or should the key be removed?
Thanks,
On 13 Oct 2017, at 10:44, Kambiz Darabi wrote:
Hello,
there are questions from the Debian dev who helps publishing the package about the signing key which is in the debian/ subtree.
Can someone please comment?
Thank you
Kambiz
Hm. Is this because you are grabbing tar balls from there, and Debian would like to see those tar balls signed? I should probably modify the make script for releasing to make a pop signature for the tar balls and upload it.
I don't really have the capability of going back to regenerate and sign the old tar balls I'm afraid. And anyway, I simply won't do it.
I have no idea what key is stored at debian
Cheers, r
----- Forwarded Message ----- From: "Sébastien Villemot" sebastien@debian.org To: "Kambiz Darabi" darabi@m-creations.com Cc: 878167@bugs.debian.org Sent: Friday, 13 October, 2017 5:07:45 PM Subject: Re: Bug#878167: RFS: cl-asdf/3.3.0 - Another System Definition Facility
Also, there is a GPG key under debian/upstream/signing-key.asc, but I see no signature on upstream website (https://common-lisp.net/project/asdf/archives/).
Am I missing something? Or should the key be removed?
Thanks,
-- ⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot ⣾⠁⢠⠒⠀⣿⡁ Debian Developer ⢿⡄⠘⠷⠚⠋⠀ http://sebastien.villemot.name ⠈⠳⣄⠀⠀⠀⠀ http://www.debian.org