Your message dated Tue, 17 Dec 2024 19:00:12 +0000
with message-id <e1tncnk-006pjv...@fasolo.debian.org>
and subject line Bug#1089831: fixed in golang-github-hiddeco-sshsig 0.1.0-1
has caused the Debian Bug report #1089831,
regarding ITP: golang-github-hiddeco-sshsig -- SSH Signature: sign and verify
messages using SSH keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1089831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089831
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <si...@josefsson.org>
* Package name : golang-github-hiddeco-sshsig
Version : 0.1.0-1
Upstream Author : Hidde Beydals
* URL : https://github.com/hiddeco/sshsig
* License : Apache-2.0
Programming Lang: Go
Description : SSH Signature: sign and verify messages using SSH keys (Go
library)
This Go library implements the SSHSIG wire protocol
(https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig), and can be used to sign and
verify messages using SSH keys.
.
Compared to other implementations, this library does all the following:
.
* Accepts an io.Reader as input for signing and verifying messages.
* Performs simple public key fingerprint and namespace mismatch checks
in
Verify. Malicious input will still fail signature verification, but
this
provides more useful error messages.
* Properly uses ssh-sha2-512 as signature algorithm when signing with an
RSA
private key, as described in the protocol
(https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig#L69-L72).
* Does not accept a Sign operation without a namespace as specified in
the
protocol (https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig#L57).
* Allows Verify operations to be performed without a namespace,
ensuring
compatibility with loose implementations.
* Provides Armor and Unarmor functions to encode/decode the signature
to/from an (armored) PEM format.
.
For more information about the use of this library, see the Go Reference
(https://pkg.go.dev/github.com/hiddeco/sshsig).
https://salsa.debian.org/go-team/packages/golang-github-hiddeco-sshsig
/Simon
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: golang-github-hiddeco-sshsig
Source-Version: 0.1.0-1
Done: Simon Josefsson <si...@josefsson.org>
We believe that the bug you reported is fixed in the latest version of
golang-github-hiddeco-sshsig, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1089...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated
golang-github-hiddeco-sshsig package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 13 Dec 2024 13:05:47 +0100
Source: golang-github-hiddeco-sshsig
Binary: golang-github-hiddeco-sshsig-dev
Architecture: source all
Version: 0.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Description:
golang-github-hiddeco-sshsig-dev - SSH Signature: sign and verify using SSH
keys (Go library)
Closes: 1089831
Changes:
golang-github-hiddeco-sshsig (0.1.0-1) unstable; urgency=medium
.
* Initial release (Closes: #1089831)
Checksums-Sha1:
3a67616ed0d2c7538a9630eb630ac4ec064e394f 1733
golang-github-hiddeco-sshsig_0.1.0-1.dsc
69a69e31ece23ff7845500b582983df51542996b 19588
golang-github-hiddeco-sshsig_0.1.0.orig.tar.gz
87063de491c997d648a10e4091ceb60ffbae0303 2068
golang-github-hiddeco-sshsig_0.1.0-1.debian.tar.xz
8ce5458feb5c2ed3c2f6223743ddf681e54a1ce9 14572
golang-github-hiddeco-sshsig-dev_0.1.0-1_all.deb
5be6f7afafca03dab3c96770b13cc9879d3a208f 5859
golang-github-hiddeco-sshsig_0.1.0-1_amd64.buildinfo
Checksums-Sha256:
9e07b792c9768c177a3f37aa0b298f9991228636f80a594b665af1eddc081552 1733
golang-github-hiddeco-sshsig_0.1.0-1.dsc
b89eb572e6c76fa31f86d38d69aa432f3a4274f5e81d94a6d9cc26a9a0147522 19588
golang-github-hiddeco-sshsig_0.1.0.orig.tar.gz
c86cf18264df4f6caa31e2922349ff3d6c2ad55f92e92ff77d4fe2582d71e611 2068
golang-github-hiddeco-sshsig_0.1.0-1.debian.tar.xz
fabfc9b7083fe4c1a803de12dbf9152bd73ee5f9cef5c7dbe094d9074b010917 14572
golang-github-hiddeco-sshsig-dev_0.1.0-1_all.deb
2bf2ec2c98575de2fcd60b69ea17c7fd8806f55250f0f6daa6b055d226353860 5859
golang-github-hiddeco-sshsig_0.1.0-1_amd64.buildinfo
Files:
8c9e945f50be6cfec2b32c7b3ba56212 1733 golang optional
golang-github-hiddeco-sshsig_0.1.0-1.dsc
66622983c38b143de2a95e0b1d55374b 19588 golang optional
golang-github-hiddeco-sshsig_0.1.0.orig.tar.gz
1d554601be0dbd2bc48c9bad746ba673 2068 golang optional
golang-github-hiddeco-sshsig_0.1.0-1.debian.tar.xz
144d598c1e134fa4c45d5ae4b3dd4bd2 14572 golang optional
golang-github-hiddeco-sshsig-dev_0.1.0-1_all.deb
f84a0a03df30b12143fba9ecfcfc6468 5859 golang optional
golang-github-hiddeco-sshsig_0.1.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ1wreRQcc2ltb25Aam9z
ZWZzc29uLm9yZwAKCRBRcisI/kdForBAAQCaQYUnAhfoGurnlboeihCv08NlPQ59
i0HmYCuqL/eiSwD/fRQAiuesUiFRSVSLqwvMrJVqZUAfjOkLBt/jNdMm0AM=
=uyn8
-----END PGP SIGNATURE-----
pgpiKTO_jZ6TV.pgp
Description: PGP signature
--- End Message ---
