Ben Finney <bign...@debian.org> writes: > I am preparing a new version of ‘dput’ that stops using ‘/usr/bin/gpg’, > and instead uses the GPGME library for GnuPG operations.
> […] > If your packaging workflow has unusual signing practices, or an unusual > GnuPG configuration, your help will be especially valuable to test this > change. In particular I am seeking workflows and tests that: * Use signatures from keys that are now expired, or from keys that your GnuPG doesn't trust, or from keys that your GnuPG doesn't know. * Use signatures that are well-formed but fail to verify, or that are good but very old, or that are from the future. * Use non-default hash algorithms, or non-default options that would otherwise affect the generated signature. * Use GnuPG version 1 on a system with GnuPG 2, or vice versa. * Use outdated versions of GPGME. * etc. I'm also hoping some people interested in back-porting ‘dput’ to older Debian releases can help test these changes on those systems. Please contact me at <d...@packages.debian.org> to offer your packaging system to test this new release. -- \ “Good judgement comes from experience. Experience comes from | `\ bad judgement.” —Frederick P. Brooks | _o__) | Ben Finney
