68b29afe52
I had 5 ways forward, I picked #6 1) don't sign. That's generally only acceptable for private packages 2) Make whomever edited the changelog last create signed .deb and .dsc. This seems like a pain for whomever is developing the packages 3) Change the changelog to a uid in the signing.key. I did not like taking credit away from whomever SHOULD be in the changelog 4) Have the distributing person add the changelog email address as an additional uid in their pgp key... this sounds like bad practice to me. 5) Build the .deb package, break it apart, manually sign, and re- archive. While possible, seemed prone to failure in corner cases down the road... 6) Use -p option of pgp to point to a script removing the the --local-user option that was forcing the .deb to be signed by the last developer of the changelog, not the person generating the distributions. This seemed best... Does not handle the public key yet in Debian
26 lines
230 B
Plaintext
26 lines
230 B
Plaintext
bin/
|
|
benchmark/
|
|
|
|
# only allow man/*.\d.ronn files
|
|
man/*
|
|
|
|
*.test
|
|
tmp
|
|
test/remote
|
|
|
|
debian/git-lfs/
|
|
debian/*.log
|
|
debian/files
|
|
debian/*.substvars
|
|
obj-*
|
|
|
|
rpm/BUILD*
|
|
rpm/*RPMS
|
|
rpm/*.log
|
|
rpm/SOURCES
|
|
|
|
docker/repos
|
|
docker/signing.key
|
|
|
|
src
|