On Wed, Mar 13, 2013 at 5:34 AM, Markus Wanner wrote: > motivated by Paus Wise, I scratched my own itch: here's a patch that > makes PTS parse GPG signatures - therefore being able to display a > package's sponsor. Please review.
Awesome, thanks! We need more folks working on Debian QA infrastructure, I hope you'll continue to help out :) > I'm using GPGME, or rather its python binding, so python-gpgme becomes a > dependency. Unfortunately python-gpgme isn't installed on quantz yet, so the patch can't be applied yet. I'll mail DSA about this. > Currently, if there's anything wrong with the signature or the public > key missing, there's no warning or anything. It will simply fall back to > display the sender of the email, as before. Not sure if that's much of > an issue. I think that is an important thing to fix. I am also not qualified to determine if your signature verification code is OK. I have added Ansgar Burchardt to the recipients, he has been auditing Debian's GPG verification code and finding issues. Ansgar, could you take a look at the last hunk of this patch against the PTS code? http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=support-sign-lookup.diff;att=1;bug=702908 > A public key may have multiple uids and the signature is only specific > to the key, not any specific uid. But I only want to display a single > uid. The way I implemented this now is: we take the first uid. Only if a > later uid has an email ending in "@debian.org", we prefer that one. > That's certainly not ideal. We could possibly do an LDAP lookup via the > key's fingerprint on db.debian.org instead... Hmmm, not sure what to say there. It seems like a reasonable approach for now. > In the news.xml file, I replaced the "from" attribute of the news item > with more fine grained "from_address" and "from_realname". However, I > think existing entries will be kept, so the XSL-templates need to be > able to parse both. At least that's how I've implemented it. If a > complete rewrite of all news.xml files is feasible, the XSLTs could be > simplified quite a bit. I guess this is needed for the developer.php links, fair enough. > I also added links to http://qa.debian.org/developer.php?login=$EMAIL > for both, the sender and signer of the mail in the HTML display of the > NEWS. Not in RSS. Nice touch. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caktje6gjchl43b8nvcglb_fy7b-_ksbecl-1edgvp-sheje...@mail.gmail.com
