mirror of
https://git.dpkg.org/git/dpkg/debsig-verify.git
synced 2025-04-28 02:27:51 +00:00
0163d69c65
This was previously supported because we were always falling back to match, which was not truly honoring the declared policy. Add explicit support for multiple subkeys. Closes: #1059150 Based-on-patch-by: Steve McIntyre <steve@einval.com>
23 lines
814 B
XML
23 lines
814 B
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE Policy SYSTEM "https://www.debian.org/debsig/1.0/policy.dtd">
|
|
<Policy xmlns="https://www.debian.org/debsig/1.0/">
|
|
|
|
<!-- This is mainly a sanity check, since our filename is that of the ID
|
|
anyway. -->
|
|
<Origin Name="Debsig" id="4C2E30ED5C790356" Description="Debsig testing"/>
|
|
|
|
<!-- This is required to match in order for this policy to be used. We
|
|
reject the release Type, since we want a different rule set for
|
|
that. -->
|
|
<Selection>
|
|
<Required Type="origin" File="pubring.pgp" id="4C2E30ED5C790356"/>
|
|
</Selection>
|
|
|
|
<!-- Once we decide to use this policy, this must pass in order to verify
|
|
the package. -->
|
|
<Verification MinOptional="0">
|
|
<Required Type="origin" File="pubring.pgp" id="4C2E30ED5C790356"/>
|
|
</Verification>
|
|
|
|
</Policy>
|