"Adam D. Barratt" <a...@adam-barratt.org.uk> writes: > Control: tags -1 + moreinfo > > On Wed, 2018-03-21 at 14:07 +0100, micah wrote: >> "Adam D. Barratt" <a...@adam-barratt.org.uk> writes: >> >> > Control: tags -1 + moreinfo >> > >> > On Tue, 2018-03-20 at 16:32 -0400, micah wrote: >> > > The leap-archive-keyring is a simple archive keyring package that >> > > contains the >> > > signing key for trusting the archive of the LEAP encryption >> > > access >> > > project. Unfortunately, the expiration date chosen for the key >> > > that >> > > is included >> > > in the package in Stretch was too low, and it has expired. >> > > >> > > The newer package that is available in testing, unstable, and >> > > backports provides >> > > a key with a sufficient length to cover the stable release cycle. >> > > >> > > I would like to propose that this package be included in the next >> > > stable release point update. >> > >> > We'd need to see a debdiff of the proposed upload, built on and >> > tested >> > against stretch, please. >> >> Sorry, I thought I had attached the debdiff, here it is: > > Ah, sorry, I meant of the source packages, not the binaries.
Of course, I should have assumed that. I've attached the source debdiff to this email. > (Also, as per above - "of the proposed upload, built on and tested > against stretch". The provided debdiff is against the version that was > uploaded to unstable. Fixed. > An upload to stretch at least needs a new changelog stanza with a > different version number - most likely 2016.03.08+deb9u1, but possibly > 2017.11.24~deb9u1 if you wish to argue that all of the changes since > the current version in stretch are appropriate for a stable update.) I went with 2017.11.24~deb9u1 because indeed, the changes since the current version in stretch are appropriate for a stable update, namely: 1. Providing keys in a second location, to aid in the transition from jessie->stretch methods for how sources.list [signed-by=] method changed to allow for both paths and fingerprints 2. fix priority to be in-line with debian policy 3. add a dependency on gnupg 4. update the expirations on the keys themselves I'm only unsure if changing the Priority section is allowed in a stable point update? Thanks! Micah
leap-archive-keyring-src.debdiff
Description: Binary data
signature.asc
Description: PGP signature
