Debian: what precisely identifies a source package

Philipp Kern pkern at debian.org
Thu Oct 30 14:44:48 UTC 2025


On 2025-10-30 13:52, Adrian Bunk wrote:
> On Mon, Oct 27, 2025 at 09:38:04AM +0000, MOESSBAUER, Felix wrote:
>> ...
>> Regarding checksums: I'm wondering if the uniqueness of
>> name/version/arch triplets just refers to the content of a package, or
>> also to the .dsc file with its signature. IOW: Should it be allowed to
>> re-sign a .dsc file without changing the version? Here, I'm also
>> considering the case that a package is copied from debian-security to
>> debian.
> 
> This shouldn't happen.
> 
> Importing packages from debian-security to (old)stable is basically an
> upload, and you need the signature of the uploader for that.

Because it is, it can change because it might need re-signing because the
original signer's key might not (currently) be valid at the point of
copy.

Kind regards
Philipp Kern
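
The distinction discussed in this thread, as an added example that is not part of the original message: re-signing a `.dsc` changes the checksum of the file, while the signed control data inside the clearsign armor stays the same. The function names, the sample package fields and the signature blobs are constructed placeholders, and the code only strips the armor; it does not verify any signature.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def dsc_payload(text: str) -> str:
    """Return the control data of a .dsc with any clearsign armor removed."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != BEGIN_MSG:
        return "\n".join(l.rstrip() for l in lines)  # unsigned .dsc
    # Armor headers ("Hash: ...") end at the first blank line.
    start = next(i for i, l in enumerate(lines) if not l.strip()) + 1
    end = lines.index(BEGIN_SIG, start)  # ValueError if the armor is truncated
    # Undo dash-escaping; trailing whitespace is not part of the signed text.
    return "\n".join((l[2:] if l.startswith("- ") else l).rstrip()
                     for l in lines[start:end])

def file_digest(text: str) -> str:
    """SHA-256 over the whole file, signature included."""
    return hashlib.sha256(text.encode()).hexdigest()

def payload_digest(text: str) -> str:
    """SHA-256 over the control data only, signature excluded."""
    return hashlib.sha256(dsc_payload(text).encode()).hexdigest()

def wrap(payload: str, sig_blob: str) -> str:
    """Build a clearsign-shaped wrapper around payload (constructed, not a real signature)."""
    escaped = "\n".join("- " + l if l.startswith("-") else l
                        for l in payload.splitlines())
    return f"{BEGIN_MSG}\nHash: SHA512\n\n{escaped}\n{BEGIN_SIG}\n\n{sig_blob}\n{END_SIG}\n"

# Constructed sample data: package name, version and checksum are placeholders.
PAYLOAD = ("Format: 3.0 (quilt)\nSource: hello-example\nVersion: 1.0-1\n"
           "Checksums-Sha256:\n " + "0" * 64 + " 1234 hello-example_1.0.orig.tar.xz")
SIGNED_A = wrap(PAYLOAD, "PLACEHOLDERSIGNATUREFROMUPLOADER")
SIGNED_B = wrap(PAYLOAD, "PLACEHOLDERSIGNATUREAFTERRESIGN")

if __name__ == "__main__":
    for name, dsc in (("original", SIGNED_A), ("re-signed", SIGNED_B)):
        print(name, "file:", file_digest(dsc)[:16],
              "payload:", payload_digest(dsc)[:16])
```

A tool that pins source packages by the checksum of the `.dsc` file sees these two as different, while one that compares the payload digest sees them as the same source package.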

