-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Nov 2021 06:02:07 +0100
Source: debsig-verify
Architecture: source
Version: 0.24
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Changes:
debsig-verify (0.24) unstable; urgency=medium
.
* Switch keyring parser from gpg --list-packets to --show-keys --with-colons.
* Use fingerprint and fallback to use long keyIDs for database filenames.
* Reject weak RIPEMD160 and SHA1 algorithms.
* Documentation:
- Update .gpg keyring references to .pgp in man page.
- Mention OpenPGP instead of gpg in generic code comments.
- Clarify the requirement for OpenPGP keyrings.
Prompted by Steve McIntyre <steve@einval.com>.
See #988646.
- Update and modernize the policy-syntax specification.
* Code internals:
- Move GnuPG specific macros to the GnuPG backend module.
- Rename gpgVerify() to sigVerify().
- Add a new find_command() function.
- Abstract the OpenPGP operations behind a frontend driver.
- Move checkSigExist() from misc to openpgp module.
- Rename XML parser file to policy-xml.
- Refactor key ID comparison function.
- Support comparing keyIDs and fingerprints.
- Refactor database filename generation into a new function.
- Refactor prefix matching into a new function.
- Regroup header includes.
* Build system:
- Add GitLab CI support.
- Update .gitignore file.
* Packaging:
- Fix typo for Standards-Version field.
- Switch to Standards-Version 4.6.0 (no changes needed).
- Do not include the keyid in the example policies pathname.
* Test suite:
- Rename .gpg keyrings to .pgp.
- Abstract OpenPGP details into debsig_openpgp_* functions.
- Check OpenPGP backend availability.
- Add sqop and sq OpenPGP backend support.
- Remove obsolete and non-compliant test data.
Reported by Charles Duffy <charles@dyfis.net>.
- Shorten test case titles.
- Move bad sig case after no sig case.
Checksums-Sha1:
fd52457e7b27f305bfdbc2ff2a79863532b919b7 1865 debsig-verify_0.24.dsc
25e7b847f86adfed91804cbbcbb349ccb1357f48 134852 debsig-verify_0.24.tar.xz
75babac0ac0537835edaf221bc329097494decf0 6996 debsig-verify_0.24_amd64.buildinfo
Checksums-Sha256:
72e93f6cfd72fd21c2b788267ea75c707bc506c8672ab983ca75fac2e0134b04 1865 debsig-verify_0.24.dsc
0e30b571cf5408585fa7691ce2fa51b58608f6444aa291fd6cbf0e385149bb17 134852 debsig-verify_0.24.tar.xz
0481fa1dca5340108bedb1d08ce3d0f167ff914e2f28e7cd5fbe31adb3f34509 6996 debsig-verify_0.24_amd64.buildinfo
Files:
c7c1e15ed2f3d7a591dd5b2ec255d8b8 1865 admin optional debsig-verify_0.24.dsc
00b598e12e13354f24af90b044006fa4 134852 admin optional debsig-verify_0.24.tar.xz
28265b80241becf29286e62d0f034f67 6996 admin optional debsig-verify_0.24_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAmGTPEMACgkQuXK/PqSu
V6MEOA//ezrk3b2TbyFIbou00LqPdHn8XpDQvqwqIDyiSzTuIIfkMgsUfr/Y2WrY
/FlNRImH3t5jQ/7zl5x7B10+uD1ZYrVWrdBJupftKEF/Qa0lJfEMji707niNohwH
bhOcrkln/hsOwxntLJRCL3gA4nKKJNdXmAyQLA4v4lHxYvUXF3fxDwpVbpAI2yRl
EfvwbJOV3EruItBtB48m2+TdprYjl3RsF7SlM/dA71R7fLzzKOlvJUJp0AVlro++
vmBLqiafY8q0Z+YMxjPGh2ulmxVBe5V/9e5RP/zPXGNwFRYxumnuZHCP9bnnPRlT
DvnRC0g6I9bE+7IPPQLxsETJzb09gKu8HcXPaP/CnMyjG6z/x413CPORrc/kRXfu
y5kOv+DNzNzuGgFq0s6C8Ryxbw62ME4NujUjoRVu+a6bBGgnMU9OOioPHcHxtKae
/rrUdE6Cramxwl2RQFsAQW9bYAmxQMoOBvMoP9KLKcAJLrgc+dMMjD21bpf7nD6A
zBqqtSJCnUkE/1mzOKcYctz3JSEYzvyIjdzoykmMhDu4S126wMJh1wWKNFXOU5t+
t+kIQ3v0qnwtoP5vEZIAhBM/Na+MOvj245xtKbvvcXtSwYwjhSDcq51TVFiZjt3y
82+MtQ28pHGgP8LWbKHXwnGt6XGVkMuNWGV9GWuYHeQcz61LAD4=
=563S
-----END PGP SIGNATURE-----
