Package: dpkg-dev
Version: 1.17.1
I have moved to 2048bit rsa sha2 for gpg. Problem: dpkg-buildpackage
insists to use the old 1024bit dsa sha1 key, even though I have set
the new default in .gnupg/gpg.conf and in an environment variable
$GPGKEY.
dpkg-buildpackage -k${GPGKEY} works as expected.
This is highly error-prone. I wonder how many packages in the
repositories exist, signed with a weak sha1 key just by accident.
It would be very nice if this could be improved.
Many thanx
Harri
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
