Control: forcemerge 615813 -1
On Sun, 2013-08-11 at 15:29:22 +0200, Harald Dunkel wrote:
> Package: dpkg-dev
> Version: 1.17.1
>
> I have moved to 2048bit rsa sha2 for gpg. Problem: dpkg-buildpackage
> insists to use the old 1024bit dsa sha1 key, even though I have set
> the new default in .gnupg/gpg.conf and in an environment variable
> $GPGKEY.
>
> dpkg-buildpackage -k${GPGKEY} works as expected.
>
> This is highly error-prone. I wonder how many packages in the
> repositories exist, signed with a weak sha1 key just by accident.
> It would be very nice if this could be improved.
This was already reported, I'll be fixing it pretty soon as part of
a rework of the dpkg-buildpackage code.
Thanks,
Guillem
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
