FS#71117 - [pass] use signed tag

Attached to Project: Community Packages
Opened by T.J. Townsend (blakkheim) - Thursday, 03 June 2021, 21:27 GMT
Last edited by Brett Cornwall (ainola) - Friday, 29 July 2022, 17:30 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Attached diff switches the pass package to use a PGP-signed git tag for authenticity.
   pass.diff (1.1 KiB)
This task depends upon

Closed by  Brett Cornwall (ainola)
Friday, 29 July 2022, 17:30 GMT
Reason for closing:  Implemented
Additional comments about closing:  GPG signed tags are now set up in the PKGBUILD. Thanks for reporting!
Comment by T.J. Townsend (blakkheim) - Saturday, 12 June 2021, 17:37 GMT
Friendly ping.
Comment by Lukas Fleischer (lfleischer) - Saturday, 12 June 2021, 18:06 GMT
Unfortunately, the key used by upstream has expired.
Comment by Brett Cornwall (ainola) - Thursday, 24 June 2021, 05:39 GMT
Hi, Lukas. It's not expired, Jason just didn't verify the key on keys.openpgp.org (I'm guessing you were trying to import from there) so there was no email address associated. Using another server, e.g. hkps://keyserver.ubuntu.com, imports the key correctly.

The key has an expiration date of 2022-02-11, so it should be good to go! I know you're using release tarballs now instead of git but it might be worth considering a switch back to git for that verification.
Comment by T.J. Townsend (blakkheim) - Wednesday, 15 September 2021, 21:29 GMT
Ping?
Comment by T.J. Townsend (blakkheim) - Monday, 25 July 2022, 14:21 GMT
Ping and updated diff
   pass.diff (1.3 KiB)
Comment by Brett Cornwall (ainola) - Friday, 29 July 2022, 17:30 GMT
Hi, Lukas. Since there was no response to this bug for over a year, I went ahead and updated it.

Loading...