signing-party - Debian Package Tracker

general

source: signing-party (main)
version: 2.12-1
maintainer: Guilhem Moulin (DMD)
uploaders: Simon Richter [DMD]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.11-1
oldstable: 2.11-1
stable: 2.12-1
testing: 2.12-1
unstable: 2.12-1

versioned links

2.11-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

signing-party (20 bugs: 0, 2, 18, 0)

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2026-04-06 Last update: 2026-05-07 05:01

30 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 43fc29ea63d37f4354df77515f29862c9654a8c6
Author: ATLief <[email protected]>
Date:   Mon Dec 29 04:19:07 2025 -0500

    sig2dot: update and consolidate usage information into man page

commit a455ef2ec24dca86ae3d9d6dce3001b00053f848
Author: ATLief <[email protected]>
Date:   Sun Dec 28 17:14:34 2025 -0500

    sig2dot: skip bidirectional combination of self-signatures

commit b3f1e0b4f0641c51f1c64f5b53dd62e5fe5221b6
Author: ATLief <[email protected]>
Date:   Sun Dec 28 11:32:57 2025 -0500

    sig2dot: update example commands

commit 37e12afd0f93b2c426637ebf956001b433e39ba8
Author: ATLief <[email protected]>
Date:   Sun Dec 28 15:05:53 2025 -0500

    sig2dot: fix missing check to apply "-a" flag
    
    This fixes a bug where signatures from hidden public keys on other public keys were still shown, which implicitly rendered the hidden public keys.

commit 10d02870082e8f0bd4eb930cfe3e383341c3c4c2
Author: ATLief <[email protected]>
Date:   Sat Dec 27 09:21:01 2025 -0500

    sig2dot: use %sigstmp and %sigs instead of @names
    
    They contain the same information, and it removes the need for a lot of redundant logic.

commit 35415e1428bb670979c82e6931df252792b7db20
Author: ATLief <[email protected]>
Date:   Wed Dec 24 04:01:31 2025 -0500

    sig2dot: use %sigstmp and %sigs instead of %idlist
    
    They contain the same information, and it removes the need for some redundant logic.

commit bf3e314a71245b209d12ac73861219e7339688eb
Author: ATLief <[email protected]>
Date:   Tue Dec 23 14:10:42 2025 -0500

    sig2dot: add "-c" option for combining/deduplicating bidirectional signatures
    
    This functionality was added in #3be4b46c but never enabled. It's disabled by default, as it breaks compatibility with springgraph.
    
    NOTE: This option is still missing from the documentation, as those changes may need additional discussion.

commit 928a0cb7d4af3dce7bf84cba1cc3fe71becb0c61
Author: ATLief <[email protected]>
Date:   Tue Dec 23 05:30:59 2025 -0500

    sig2dot: make example commands compatible with gpg-sq

commit a76fb09dd6410ece16b2d3c56e15547b0c8dc0fb
Author: ATLief <[email protected]>
Date:   Sat Jul 26 19:47:53 2025 -0400

    Only graph nodes with listed public keys
    
    If GPG only outputs a subset of its public keys (for example, the members of a KSP within a larger keyring) then graph nodes will be created for each signature. This makes the resulting graph huge and cluttered.

commit 0cc53a780275264387c06ddcfdbf6e78d687cc9b
Author: ATLief <[email protected]>
Date:   Sat Jul 19 05:47:24 2025 -0400

    Only set UID of ID if not already set
    
    Otherwise, the last UID is always used. Since the primary UID comes first, that's probably the best one to use.

commit 3be4b46c098b101645322eb2d08ff8f20e34c7e6
Author: ATLief <[email protected]>
Date:   Fri Jul 18 14:20:16 2025 -0400

    Add support for combining/deduplicating bidirectional signatures, but leave it disabled

commit 121f3f4094b10883ba2318a1b78207f33177592d
Author: ATLief <[email protected]>
Date:   Fri Jul 18 03:48:58 2025 -0400

    Use regex to remove algorithm from ID capture (if present)

commit ed2787627eeb41974afbfe8addfc1b530f87d885
Author: ATLief <[email protected]>
Date:   Thu Jul 17 16:43:32 2025 -0400

    Hide remaining regex logging in quiet mode

commit 2e2c7e09373c046a76dd0f1bb267a10adcccace4
Merge: c0de677 0b206df
Author: Alex Lieflander <[email protected]>
Date:   Tue Jul 15 16:25:59 2025 +0000

    Merge branch signing-party:master into master

commit c0de677ae6a59ea05a541f2169bbf37add09f746
Author: ATLief <[email protected]>
Date:   Tue Jul 15 11:26:09 2025 -0400

    Fix example commands

commit a102b2f40a9a1ccc4ecbe2a4d6c8b2579cf0aa26
Author: ATLief <[email protected]>
Date:   Tue Jul 15 10:18:21 2025 -0400

    Revert "Treat "sub" keys as independant "pub" keys"
    
    This reverts commit f5b7578373b165b929da90047c4c3021836b9bb1. The issue this solved has been fixed with regex changes, and it was causing self-signatures to break.

commit 73a88f2e30bbae00cd94b47e6a60020a47e52638
Author: ATLief <[email protected]>
Date:   Tue Jul 15 07:45:16 2025 -0400

    Fix mapping of fingerprint/ID to name

commit 3cc86d9cb5cb960516f538c81c56f61c2aa502d0
Author: ATLief <[email protected]>
Date:   Tue Jul 15 05:37:48 2025 -0400

    Rename $name to show when it refers to the string or hash
    
    Using the same variable for both is a clever use of the namespace, but makes it really hard to debug

commit 6a6de394bf6f09068b076900ea283fc6f9dfe218
Author: ATLief <[email protected]>
Date:   Tue Jul 15 04:42:27 2025 -0400

    Allow ID capture group to have no leading spaces
    
    1 space is already required by the flags section, and the flags section would hog all the spaces when there were less than 10

commit 328d1fb59cbb64a75161f774314f67ec33380986
Author: ATLief <[email protected]>
Date:   Mon Jul 14 18:13:55 2025 -0400

    Move leading space inside name regex group
    
    This allows the date group to match in pub lines

commit 0b206df5e92fd1e2d35e930c3da8053db6319480
Author: Guilhem Moulin <[email protected]>
Date:   Sun Jul 13 17:56:30 2025 +0200

    gpg-key2ps.1: Add a section with limitations and suggested replacement.
    
    Closes: #1109154

commit f1a0917515ac1923b0e984c829cc9733b3b9f290
Author: ATLief <[email protected]>
Date:   Sat Jul 12 05:01:22 2025 -0400

    Make date and name capture groups more strict
    Make date capture group optional and set default value of "1970-01-01"

commit 939c557f34061d099c76a5b7a4de3f85c2d12e7e
Author: ATLief <[email protected]>
Date:   Sat Jul 12 04:07:04 2025 -0400

    Make ID capture group optional and more strict
    Set default value of "AAAAAAAA" if missing

commit 9e55dfef7b55f424b19dd19eaa22b3b4225e6768
Author: ATLief <[email protected]>
Date:   Fri Jul 11 11:22:04 2025 -0400

    Give names to regex capture groups

commit f5b7578373b165b929da90047c4c3021836b9bb1
Author: ATLief <[email protected]>
Date:   Fri Jul 11 07:58:16 2025 -0400

    Treat "sub" keys as independant "pub" keys
    
    This fixes a bug where sub-keys were improperly formatted and a bug where sub-key self-signatures were treated as malformed certifications of the last uid.

commit bf9ff9f7d8a082a4d18777d64ec39bc702e63520
Author: ATLief <[email protected]>
Date:   Fri Jul 11 06:39:00 2025 -0400

    Don't match linebreaks in regex
    
    This doesn't make a difference when iterating by line, but makes bulk testing much easier. If we ever iterate by regex matches, this will also be necessary.

commit 9fa72af12f2a6b5d59130eb3383ce98e1d45a308
Author: Guilhem Moulin <[email protected]>
Date:   Sat Jul 12 12:52:48 2025 +0200

    caff: Don't generate broken config for gecos fields containing single quotes.
    
    Reported on IRC by Rhonda D'Vine.

commit ca2b2456ba2fc209974664faec88ae854eb2d76c
Author: Uwe Kleine-König <[email protected]>
Date:   Tue May 6 22:24:21 2025 +0200

    gpgparticipants-filter: Doesn't skip expired keys
    
    According to the gpg documentation field 10 (which is indexed using 1
    for the first field and so matches Python array index 9) is the User-ID
    which is usually (always?) empty in "pub" lines. The validity is in
    field 2.
    
    Closes: #1104814

commit d8008dabc14db09c5e8a96081e6da9efa9ebfe76
Author: Uwe Kleine-König <[email protected]>
Date:   Tue May 6 19:02:19 2025 +0200

    gpgparticipants-filter: Make filter argument optional
    
    Without arguments default to list all keys which matches the behavior
    of `gpg --list-keys`.
    
    Closes: #1104800

commit 352b67548fe107944e3c826dcf80c8fcc5c4574d
Author: Uwe Kleine-König <[email protected]>
Date:   Tue May 6 18:59:28 2025 +0200

    gpgparticipants-filter: Somewhat handle uids with non-UTF-8 encoding
    
    PGP certificates with (e.g.) latin1 encoded uids result in a
    UnicodeDecodeError. So only decode the key id field of gpg's output.
    
    Closes: #1104799

Created: 2025-07-11 Last update: 2026-05-02 00:21

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-02-16 Last update: 2026-02-16 10:49

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2026-02-09 11:30

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 2.12-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-05-05 08:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[rss feed]

[2025-05-15] signing-party 2.12-1 MIGRATED to testing (Debian testing watch)
[2025-05-04] Accepted signing-party 2.12-1 (source) into unstable (Guilhem Moulin)
[2020-07-15] signing-party 2.11-1 MIGRATED to testing (Debian testing watch)
[2020-07-08] Accepted signing-party 2.11-1 (source) into unstable (Guilhem Moulin)
[2019-06-08] Accepted signing-party 2.5-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2019-05-07] signing-party 2.10-2 MIGRATED to testing (Debian testing watch)
[2019-05-05] Accepted signing-party 2.10-2 (source) into unstable (Guilhem Moulin)
[2019-05-01] Accepted signing-party 1.1.10-3+deb8u1 (source amd64) into oldstable (Markus Koschany)
[2019-05-01] Accepted signing-party 2.10-1 (source) into unstable (Guilhem Moulin)
[2019-03-12] signing-party 2.9-1 MIGRATED to testing (Debian testing watch)
[2019-03-01] Accepted signing-party 2.9-1 (source) into unstable (Guilhem Moulin)
[2019-02-07] signing-party 2.8-1 MIGRATED to testing (Debian testing watch)
[2019-01-28] Accepted signing-party 2.8-1 (source) into unstable (Guilhem Moulin)
[2018-05-19] signing-party 2.7-2 MIGRATED to testing (Debian testing watch)
[2018-05-09] Accepted signing-party 2.7-2 (source amd64) into unstable (Guilhem Moulin)
[2018-02-08] signing-party 2.7-1 MIGRATED to testing (Debian testing watch)
[2018-01-29] Accepted signing-party 2.7-1 (source amd64) into unstable (Guilhem Moulin)
[2017-07-18] signing-party 2.6-1 MIGRATED to testing (Debian testing watch)
[2017-07-07] Accepted signing-party 2.6-1 (source amd64) into unstable (Guilhem Moulin)
[2016-10-17] signing-party 2.5-1 MIGRATED to testing (Debian testing watch)
[2016-10-06] Accepted signing-party 2.5-1 (source amd64) into unstable (Guilhem Moulin)
[2016-08-27] signing-party 2.4-1 MIGRATED to testing (Debian testing watch)
[2016-08-21] Accepted signing-party 2.4-1 (source amd64) into unstable (Guilhem Moulin)
[2016-05-07] signing-party 2.3-1 MIGRATED to testing (Debian testing watch)
[2016-04-25] Accepted signing-party 2.3-1 (source amd64) into unstable (Guilhem Moulin)
[2015-12-25] signing-party 2.2-1 MIGRATED to testing (Debian testing watch)
[2015-12-15] Accepted signing-party 2.2-1 (source amd64) into unstable (Guilhem Moulin)
[2015-08-19] signing-party 2.1-1 MIGRATED to testing (Britney)
[2015-08-08] Accepted signing-party 2.1-1 (source amd64) into unstable (Guilhem Moulin)
[2015-04-27] signing-party 2.0-2 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 23 26
RC: 0
I&N: 3
M&W: 16 19
F&P: 4
patch: 2

links

lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.12-1build1
4 bugs