Hello,

On Saturday 3 September 2016 15:34, D Haley wrote:
> Package: poretools
> Version: 0.5.1-1
> Severity: important
>
> Dear Maintainer,
>
> Your package appears to contain commands which use a short gpg-key
> ID. These have recently been identified as potential security concerns,
> due to a chance that the wrong key can be imported in the case of a
> forced key-ID collision [1].
>
> The affected file is:
> Dockerfile [2]
>
> It's not clear to me that the affected file is actually used in the build
> script, but it may be referenced somewhere in the package
>

Yes, this file is not used at all during the build process or distributed in the binary package. I believe it's just used by upstream. I can repack the tarball and exclude this file if that will alleviate concerns.

Thanks and regards
Afif

-- 
Afif Elghraoui | عفيف الغراوي
http://afif.ghraoui.name
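
An added example, not part of the thread or of the poretools package: one way to check a Dockerfile or shell script for the short key IDs the report describes. It classifies every ID passed to a `--recv-keys`-style option by length (8 hex digits is a short 32-bit ID, 16 a long ID, 40 a full fingerprint); the sample file, keyserver name and key IDs are constructed placeholders.

```python
import re

RECV_OPT = re.compile(r"--recv(?:-keys?)?")    # gpg / apt-key "fetch these keys" options
HEX_ID = re.compile(r"(?:0x)?([0-9A-Fa-f]+)")  # key ID, optional 0x prefix
KINDS = {8: "short", 16: "long", 40: "fingerprint"}  # hex digits -> kind of ID

# Constructed sample; the keyserver name and both key IDs are placeholders.
SAMPLE = """\
FROM debian:stable
RUN apt-key adv --keyserver keyserver.example.org \\
    --recv-keys 0xDEADBEEF
RUN gpg --recv-keys 0123456789ABCDEF0123456789ABCDEF01234567
"""

def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, joined line)."""
    buf, start = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        line = line.rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a continuation
        yield start, " ".join(buf)

def find_key_ids(text):
    """Return (line, key ID, kind) for every ID passed to a --recv* option."""
    found = []
    for no, line in logical_lines(text):
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if not RECV_OPT.fullmatch(tok):
                continue
            for arg in tokens[i + 1:]:
                m = HEX_ID.fullmatch(arg)
                if not m or len(m.group(1)) not in KINDS:
                    break  # next option or shell operator ends the ID list
                found.append((no, m.group(1).upper(), KINDS[len(m.group(1))]))
    return found

def short_ids(text):
    """Only the 32-bit IDs, the kind the report flags as collision-prone."""
    return [f for f in find_key_ids(text) if f[2] == "short"]

if __name__ == "__main__":
    for no, key, kind in find_key_ids(SAMPLE):
        print(f"line {no}: {key} ({kind})")
```

Replacing a flagged ID with the key's full 40-digit fingerprint removes the ambiguity the report is concerned with.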

