should not require that .dsc files be signed by an active key

Bug #439012 reported by LaMont Jones on 2009-09-29
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Low
Unassigned

Bug Description

I have developed a habit of only signing the .changes file when I sponsor an upload, and letting the sponsoree have the signature on the .dsc. In debian, this has always worked, and provides me with some level of being able to say "I sponsored _his_ upload", rather than claiming that I was responsible for the source code.

When I did that with an upload today, I got:
Rejected:
File limesurvey_1.85plus-build7689-1.dsc is signed with a deactivated key A2229B78

On the same upload that is currently sitting in debian's NEW queue, and will (eventually) be synced into ubuntu from sid, complete with the deactivated key's signature on the .dsc....

maybe we could let it come through when the source.changes file is signed by an active key???

lamont

Celso Providelo (cprov) wrote :

For the record, the deactivated key belongs to https://edge.launchpad.net/~nijaba.

And I think your suggestion is reasonable, DSCs signed by keys deactivated in LP will cause no harm and we will continue to be able to link them to their signers.

tags: added: soyuz-upload
Changed in soyuz:
importance: Undecided → Low
status: New → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers