[Bug 1692489] Re: [Feature Request] pull-debian-source should verify the checksum of the files it downloads
Dan Streetman
dan.streetman at canonical.com
Thu Mar 1 14:26:20 UTC 2018
I think you have this backwards, the current pull-debian-source does
verify its dsc signature while pull-lp-source does *not* verify its dsc
signature (this is done in ubuntutools/archive.py). However, it does
verify the checksum (listed in the dsc file) for all other source files
downloaded (again in ubuntutools/archive.py).
Additionally my pull-*-* rewrite in bug 1453330 changes archive.py to
verify the signature of dsc files for debian and ubuntu (and UCA), as
well as continuing to verify the checksum of source files downloaded.
Are there a specific source code lines that you are looking at where you
disagree with my assessment?
--
You received this bug notification because you are a member of MOTU,
which is subscribed to ubuntu-dev-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1692489
Title:
[Feature Request] pull-debian-source should verify the checksum of the
files it downloads
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-dev-tools/+bug/1692489/+subscriptions
More information about the universe-bugs
mailing list