Bug#873819: debian-policy: upgrading-checklist.txt: typo pgpsignurlmangle in section 4.11 of Version 4.1.0

Package: debian-policy Version: 4.1.0.0 Severity: normal Dear Maintainer, pgpsignurlmangle should actually read pgpsigurlmangle for this to work. thanks martin -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental') Ar

Bug#798476: Maintainer information in source packages (was: Re: Returning to the requirement that Uploaders: contain humans)

Ansgar Burchardt writes ("Maintainer information in source packages (was: Re: Returning to the requirement that Uploaders: contain humans)"): > as a more radical change one could also ask the question where to > maintain the maintainer information. Currently we handle this in the > source package

Processed: tagging 873819

Processing commands for cont...@bugs.debian.org: > tags 873819 + pending Bug #873819 [debian-policy] debian-policy: upgrading-checklist.txt: typo pgpsignurlmangle in section 4.11 of Version 4.1.0 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Russ Allbery wrote: > Sean Whitton writes: >> On Wed, Aug 23 2017, Russ Allbery wrote: >>> --- a/policy/ch-controlfields.rst >>> +++ b/policy/ch-controlfields.rst >>> @@ -962,6 +962,10 @@ repository where the Debian source package is >>> developed. >>> >>> More than one different VCS may b

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Jonathan Nieder wrote: > Russ Allbery wrote: >>> On Wed, Aug 23 2017, Russ Allbery wrote: --- a/policy/ch-controlfields.rst +++ b/policy/ch-controlfields.rst @@ -962,6 +962,10 @@ repository where the Debian source package is developed. More than one different V

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Jonathan Nieder writes: > Russ Allbery wrote: >> (That said, my understanding is that you don't get any meaningful >> integrity protection for Git from using https over http.) > As discussed elsewhere in this thread, it depends on how much you > trust (a) ca-certificates, versus (b) DNS. FWIW,

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Russ Allbery wrote: > Jonathan Nieder writes: >> Russ Allbery wrote: >>> (That said, my understanding is that you don't get any meaningful >>> integrity protection for Git from using https over http.) >> >> As discussed elsewhere in this thread, it depends on how much you >> trust (a) ca-certific

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Jonathan Nieder writes: > C. You have transport-level integrity protection, e.g. by using a > protocol like https:// or ssh:// with proper PKI. I think it's worth being honest with ourselves here that the proper PKI part is not really happening with the Vcs-Git field (or Vcs-Browser for tha

Bug#810381: debian-policy: Update wording of 5.6.26 VCS-* fields to reflect the need for security

Russ Allbery wrote: > Jonathan Nieder writes: >> C. You have transport-level integrity protection, e.g. by using a >> protocol like https:// or ssh:// with proper PKI. > > I think it's worth being honest with ourselves here that the proper PKI > part is not really happening with the Vcs-Git

Processed: Re: [debhelper-devel] Bug#515856: debhelper: please implement dh get-orig-source

Processing control commands: > reassign -1 debian-policy Bug #515856 [debhelper] debhelper: please implement dh get-orig-source Bug reassigned from package 'debhelper' to 'debian-policy'. No longer marked as found in versions debhelper/10.2.5 and debhelper/7.0.17. Ignoring request to alter fixed v