On Sun, May 05, 2019 at 08:21:29PM +0200, Josefsson-Ljungdahl wrote: > Seeing that you have attached a signature it would help if you could point > me to your public key. You can find mine at public key-servers. The > fingerprint is: 57AA BFB8 727A 2506 47CC CB90 2D23 4815 7026 0357. Look > for gos...@foi.se or perhaps some part or all of dsa1024/70260357.
My key is widely available on public key servers, and also is on the Debian keyring. If you check my email's signature your client will tell you what key to fetch, and after fetching it your client will be able to validate the signature and present the fingerprint. GnuPG can be configured to do this automatically. You still need to independently verify the signature out of band (or through the web of trust); there is no possible shortcut to this. There is no need for me to include my key or fingerprint separately - that would be redundant. > Ok, I will make a bug report. I thought about doing it but I was not sure > whether this would qualify as bug. I'm not sure I follow. If the issue doesn't qualify as a bug (or a wishlist bug) then by definition there is no acceptable code change to make for the package, so what exactly would you be requesting? If you want to ask for confirmation if the bug is valid, then the best thing to do is to file it (having done some reasonable research first, which it seems you have) with as much objective information as possible, and make sure the report reaches the original authors and is relevant to them (eg. if the code in question originates from Debian, make sure the bug exists in Debian's bug tracker and is described in terms of Debian, not Mint). You will then be able to get confirmation of validity directly from the source.
signature.asc
Description: PGP signature
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
