Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 920671 - app-backup/duplicity: should use verify-sig
Summary: app-backup/duplicity: should use verify-sig
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Richard Freeman
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-24 21:53 UTC by Eli Schwartz
Modified: 2023-12-24 21:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Eli Schwartz gentoo-dev 2023-12-24 21:53:33 UTC 
The distfile described at https://gitlab.com/duplicity/duplicity/-/releases contains a PGP signature.

The distfile currently used -- from pypi.eclass -- does not. they appear to be slightly different tarballs. The only diffferences per diffoscope are in setup.py (pypi lacks setuptools_scm?) and duplicity-2.1.4/bin/duplicity.1 which contains a date 5 days later on PyPI.