From 07b46a749ad4c63f98bf8d07b90e44d796488c43 Mon Sep 17 00:00:00 2001 From: Nicolas Dandrimont Date: Sun, 25 Mar 2012 22:29:59 +0200 Subject: [PATCH 01/12] Enable the filtered RSS feeds again Thanks to Satoru KURASHIKI for the report --- debexpo/config/routing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debexpo/config/routing.py b/debexpo/config/routing.py index 6a76a1bd..dce6988d 100644 --- a/debexpo/config/routing.py +++ b/debexpo/config/routing.py @@ -86,7 +86,7 @@ def make_map(config): map.connect('all-packages', '/packages', controller='packages', action='index') map.connect('packages-uploader', '/packages/uploader/{id}', controller='packages', action='uploader') #map.connect('/packages/{action}/{id}', controller='packages', action='index', id=None) - #map.connect('packages_filter_feed', '/packages/{filter}/{id}/feed', controller='packages', action='feed') + map.connect('packages_filter_feed', '/packages/{filter}/{id}/feed', controller='packages', action='feed') #map.connect('packages_feed', '/packages/feed', controller='packages', action='feed') map.connect('qa', '/qa', controller='index', action='qa') #map.connect('register', '/register/{action}/{id}', controller='register', action='index', id=None) -- GitLab From af0c62fb3a109df2e2fff8e3970d0e53f1c85194 Mon Sep 17 00:00:00 2001 From: Nicolas Dandrimont Date: Wed, 4 Apr 2012 01:43:26 +0200 Subject: [PATCH 02/12] Fix shebangs so that scripts don't blow up when run directly in virtualenvs --- bin/debexpo_worker.py | 2 +- bin/key_importer.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/debexpo_worker.py b/bin/debexpo_worker.py index 87d8506f..13912b62 100755 --- a/bin/debexpo_worker.py +++ b/bin/debexpo_worker.py @@ -1,4 +1,4 @@ -#! /usr/bin/python +#! /usr/bin/env python # -*- coding: utf-8 -*- # # debexpo_worker.py — Worker task diff --git a/bin/key_importer.py b/bin/key_importer.py index 8f4f20d8..08eba5ab 100755 --- a/bin/key_importer.py 
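Review bot: The re-enabled `packages_filter_feed` route hands both `{filter}` and `{id}` from the URL to the `feed` action with no constraint on either segment, and the controller is not part of this patch. Please confirm that `feed` rejects or ignores filter names it does not know and that `id` only reaches the database as a bound query parameter. If the set of filters is fixed, the `requirements=` argument of `map.connect` could restrict `filter` at the routing layer. A comment above the route such as `# filter/id are validated in PackagesController.feed` would record where the check lives. make_map's body continues outside the hunk.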
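Review bot: With `#! /usr/bin/env python` the interpreter becomes whichever `python` comes first on the caller's PATH. That is what makes virtualenvs work, but a cron or init invocation then depends on the PATH that environment happens to provide. The same change is made to bin/key_importer.py in this commit, which regenerates the mentors keyring. The deployment notes should say to start both scripts with an explicit interpreter or a pinned PATH, for example `/path/to/venv/bin/python bin/debexpo_worker.py` (placeholder path).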
+++ b/bin/key_importer.py @@ -1,4 +1,4 @@ -#! /usr/bin/python +#! /usr/bin/env python # -*- coding: utf-8 -*- # # key_importer.py — Regenerate the mentors keyring from scratch -- GitLab From 7b50b6d2b7d341edc2067a2f80732f3aa7475c42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arno=20T=C3=B6ll?= Date: Tue, 3 Apr 2012 19:28:41 -0400 Subject: [PATCH 03/12] Set cronjobs by default which are actually usable --- development.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/development.ini b/development.ini index 1c9b69de..4b14bd4c 100644 --- a/development.ini +++ b/development.ini @@ -97,7 +97,7 @@ debexpo.gpg_path = /usr/bin/gpg debexpo.gpg_keyring = # Cronjobs to run by the Worker task -debexpo.cronjobs = importcomments importuploads +debexpo.cronjobs = removeolduploads importuploads # Extra plugin directory debexpo.cronjobdir = /tmp -- GitLab From 048611c39f50689e18385022458a5f91b189f604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arno=20T=C3=B6ll?= Date: Tue, 3 Apr 2012 19:48:22 -0400 Subject: [PATCH 04/12] Add debexpo.enable_experimental_code to development.ini --- development.ini | 3 +++ 1 file changed, 3 insertions(+) diff --git a/development.ini b/development.ini index 4b14bd4c..f7caa592 100644 --- a/development.ini +++ b/development.ini @@ -109,6 +109,9 @@ debexpo.cronjob_delay = 60 # NNTP server to connect to fetch mailing list comments/changes debexpo.nntp_server = news.gmane.org +# Enable experimental and/or broken code +debexpo.enable_experimental_code = true + # Logging configuration [loggers] keys = root, debexpo -- GitLab From 8102bea59f8414f5a274fea93e2ede1b41203560 Mon Sep 17 00:00:00 2001 
From: Nicolas Dandrimont Date: Sat, 7 Apr 2012 18:29:56 +0200 Subject: [PATCH 05/12] Correctly parse the "source" attribute from Debbugs's SOAP API Debbugs reports the source of binary packages that have moved as "packagea, packageb, packagec", we need to take that into account Thanks to Sebastian Ramacher for the report. --- debexpo/plugins/closedbugs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debexpo/plugins/closedbugs.py b/debexpo/plugins/closedbugs.py index 4f3995d6..a3d3116e 100644 --- a/debexpo/plugins/closedbugs.py +++ b/debexpo/plugins/closedbugs.py @@ -104,7 +104,7 @@ class ClosedBugsPlugin(BasePlugin): name = data["raw"][bug]['package'] data["bugs"][name].append((bug, data["raw"][bug]["subject"], data["raw"][bug]["severity"])) - if not (data["raw"][bug]['source'] == self.changes["Source"] or name == "wnpp"): + if not (self.changes["Source"] in data["raw"][bug]['source'].split(', ') or name == "wnpp"): data["errors"].append('Bug #%s does not belong to this package' % bug) severity = max(severity, constants.PLUGIN_SEVERITY_ERROR) -- GitLab From 551cc93ff36cac6d18d28e5d65eb62536ba3a579 Mon Sep 17 00:00:00 2001 From: Vipin Nair Date: Fri, 6 Apr 2012 02:40:38 +0530 Subject: [PATCH 06/12] Added a configuration variable for minimum required key strength of the GPG key. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arno Töll --- development.ini | 3 +++ 1 file changed, 3 insertions(+) diff --git a/development.ini b/development.ini index f7caa592..2e6dccf1 100644 --- a/development.ini +++ b/development.ini @@ -96,6 +96,9 @@ debexpo.gpg_path = /usr/bin/gpg # Path to the mentors keyring debexpo.gpg_keyring = +# Minimum key strength required for the key to be acceptable in Debian keyring. +debexpo.gpg_minkeystrength = 4096 + # Cronjobs to run by the Worker task debexpo.cronjobs = removeolduploads importuploads -- GitLab 
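Review bot: The new membership test splits on the exact string `', '`, so a source list that arrives with different spacing around the comma would still produce the "does not belong to this package" error; whether Debbugs ever sends that is not visible here. Splitting on the comma and stripping each entry is more tolerant: `sources = [s.strip() for s in data["raw"][bug]['source'].split(',')]` followed by `if not (self.changes["Source"] in sources or name == "wnpp"):`. The enclosing method starts and ends outside the hunk.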
From 9407165048005b7eb0463382ac2539d9a8f8fcb3 Mon Sep 17 00:00:00 2001 From: Vipin Nair Date: Fri, 6 Apr 2012 02:42:26 +0530 Subject: [PATCH 07/12] Added method to extract key strength. Refactored extract_key_id code. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arno Töll --- debexpo/lib/gnupg.py | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/debexpo/lib/gnupg.py b/debexpo/lib/gnupg.py index 7b17bb4d..d532cc01 100644 --- a/debexpo/lib/gnupg.py +++ b/debexpo/lib/gnupg.py @@ -74,6 +74,27 @@ class GnuPG(object): """Returns true if the gpg binary is not installed or not executable.""" return self.gpg_path is None + def extract_key_data(self,key,attribute): + """ + Returns the attribute of a given GPG public key. + Attribute can be one of "keyid" or "keystrength" + """ + try: + if attribute == "keyid": + r = key.split("/")[1] + elif attribute == "keystrength": + r = int(key.split("/")[0][:-1]) + else: + raise AttributeError + if not r: + raise AttributeError + return r + except (AttributeError, IndexError): + log.error("Failed to extract key data from gpg output: '%s'" + % key) + + + def extract_key_id(self, key): """ Returns the key id only of a given GPG public key, e.g.: @@ -83,14 +104,18 @@ class GnuPG(object): ``key`` A public key output as given by gpg(1) """ - try: - r = key.split("/")[1] - if not r: - raise AttributeError - return r - except (AttributeError, IndexError): - log.error("Failed to extract key only id from gpg output: '%s'" - % key) + return self.extract_key_data(key,"keyid") + + def extract_key_strength(self, key): + """ + Returns the key strength only of a given GPG public key, e.g.: + + 1024D/355304E4 -> 1024 + + ``key`` + A public key output as given by gpg(1) + """ + return self.extract_key_data(key,"keystrength") def parse_key_id(self, key, email = None): """ -- GitLab 
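Review bot: `extract_key_data` catches only `AttributeError` and `IndexError`, so a size prefix that is not numeric makes `int(key.split("/")[0][:-1])` raise an uncaught `ValueError`; add it to the tuple, `except (AttributeError, IndexError, ValueError):`. On every handled failure the function logs and falls off the end, returning `None`. The docstring does not mention this, and a caller that compares the strength with a threshold has to check for it. The docstring should state that `None` is returned when the gpg output cannot be parsed, and the signature should use the usual spacing, `def extract_key_data(self, key, attribute):`.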
From 9310920d817c1696385a3080ee68d9228113ab27 Mon Sep 17 00:00:00 2001 From: Vipin Nair Date: Mon, 9 Apr 2012 03:34:02 +0530 Subject: [PATCH 08/12] Added logic to verify if the key satisfies minimum key strength required as specified in configuration. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arno Töll --- debexpo/lib/validators.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debexpo/lib/validators.py b/debexpo/lib/validators.py index 021b4ddd..a2218740 100644 --- a/debexpo/lib/validators.py +++ b/debexpo/lib/validators.py @@ -83,6 +83,15 @@ class GpgKey(formencode.validators.FieldStorageUploadConverter): log.error("Failed to parse GPG key") raise formencode.Invalid(_('Invalid GPG key'), value, c) + """ + Minimum Key Strength Check. + """ + requiredkeystrength = int(config['debexpo.gpg_minkeystrength']) + keystrength = self.gnupg.extract_key_strength(self.key_id()) + if keystrength < requiredkeystrength: + log.debug("Key strength unacceptable in Debian Keyring") + raise formencode.Invalid(_('Key strength unacceptable in Debian Keyring. The minimum required key strength is %s bits.' % str(requiredkeystrength)), value, c) + return formencode.validators.FieldStorageUploadConverter._to_python(self, value, c) def key_id(self): -- GitLab From 25eded716adf8c934768ae150d76a31e8556e7a3 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg Date: Mon, 9 Apr 2012 20:33:05 +0200 Subject: [PATCH 09/12] Make removeolduploads work with python-apt >= 0.8.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arno Töll --- debexpo/cronjobs/removeolduploads.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debexpo/cronjobs/removeolduploads.py b/debexpo/cronjobs/removeolduploads.py index a769e5f8..73f0c49e 100644 --- a/debexpo/cronjobs/removeolduploads.py +++ b/debexpo/cronjobs/removeolduploads.py 
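Review bot: `extract_key_strength` returns `None` when the key id cannot be parsed, and the new `keystrength < requiredkeystrength` check then rejects the key only because Python 2, which this code base appears to target, orders `None` below every integer; make it explicit with `if keystrength is None or keystrength < requiredkeystrength:`. `config['debexpo.gpg_minkeystrength']` raises `KeyError` for any ini file that predates the option, so either document it as mandatory or read it with a default. The message is formatted before it is passed to `_()`, so the lookup key contains the number and no translation can match; use `_('... %s bits.') % requiredkeystrength`. The bare triple-quoted string in the middle of the method is an expression statement, not a docstring, and should be a `#` comment. The method starts outside the hunk.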
@@ -114,7 +114,7 @@ class RemoveOldUploads(BaseCronjob): self.mailer.connect_to_server() self.pkg_controller = PackageController() self.pkgs_controller = PackagesController() - apt_pkg.InitSystem() + apt_pkg.init_system() self.last_cruft_run = datetime.datetime(year=1970, month=1, day=1) self.log.debug("%s loaded successfully" % (__name__)) -- GitLab From 9409b1208040f376817558aea72e8cb880a85072 Mon Sep 17 00:00:00 2001 From: Baptiste BEAUPLAT Date: Mon, 29 Oct 2018 16:00:18 +0100 Subject: [PATCH 10/12] Fix gpg tests by using newer keys --- debexpo/lib/gnupg.py | 18 ++- debexpo/lib/validators.py | 15 ++- debexpo/tests/functional/test_my.py | 44 ++----- debexpo/tests/gpg/debian_announcement.gpg.asc | 112 ++++++++++++++++++ debexpo/tests/gpg/pubring.gpg | Bin 0 -> 4522 bytes debexpo/tests/gpg/pubring_with_355304E4.gpg | Bin 1448 -> 0 bytes debexpo/tests/gpg/signed_by_355304E4.gpg | Bin 445 -> 0 bytes debexpo/tests/test_gnupg.py | 52 +++----- test.ini | 2 + 9 files changed, 169 insertions(+), 74 deletions(-) create mode 100644 debexpo/tests/gpg/debian_announcement.gpg.asc create mode 100644 debexpo/tests/gpg/pubring.gpg delete mode 100644 debexpo/tests/gpg/pubring_with_355304E4.gpg delete mode 100644 debexpo/tests/gpg/signed_by_355304E4.gpg diff --git a/debexpo/lib/gnupg.py b/debexpo/lib/gnupg.py index d0ab4217..5e3a732f 100644 --- a/debexpo/lib/gnupg.py +++ b/debexpo/lib/gnupg.py @@ -85,6 +85,8 @@ class GnuPG(object): r = key.split("/")[1] elif attribute == "keystrength": r = int(key.split("/")[0][:-1]) + elif attribute == "keytype": + r = key.split("/")[0][-1:] else: raise AttributeError if not r: @@ -95,7 +97,6 @@ class GnuPG(object): % key) - def extract_key_id(self, key): """ Returns the key id only of a given GPG public key, e.g.: @@ -105,7 +106,7 @@ class GnuPG(object): ``key`` A public key output as given by gpg(1) """ - return self.extract_key_data(key,"keyid") + return self.extract_key_data(key, "keyid") def extract_key_strength(self, key): """ 
@@ -116,7 +117,18 @@ class GnuPG(object): ``key`` A public key output as given by gpg(1) """ - return self.extract_key_data(key,"keystrength") + return self.extract_key_data(key, "keystrength") + + def extract_key_type(self, key): + """ + Returns the key strength only of a given GPG public key, e.g.: + + 1024D/355304E4 -> D + + ``key`` + A public key output as given by gpg(1) + """ + return self.extract_key_data(key, "keytype") def parse_key_id(self, key, email = None): """ diff --git a/debexpo/lib/validators.py b/debexpo/lib/validators.py index b71403f4..46542130 100644 --- a/debexpo/lib/validators.py +++ b/debexpo/lib/validators.py @@ -88,9 +88,18 @@ class GpgKey(formencode.validators.FieldStorageUploadConverter): """ requiredkeystrength = int(config['debexpo.gpg_minkeystrength']) keystrength = self.gnupg.extract_key_strength(self.key_id()) - if keystrength < requiredkeystrength: - log.debug("Key strength unacceptable in Debian Keyring") - raise formencode.Invalid(_('Key strength unacceptable in Debian Keyring. The minimum required key strength is %s bits.' % str(requiredkeystrength)), value, c) + keytype = self.gnupg.extract_key_type(self.key_id()) + log.debug('keytype {}, keysize {}'.format(keytype, keystrength)) + if keytype == 'R': + if keystrength < requiredkeystrength: + log.debug("Key strength unacceptable in Debian Keyring") + raise formencode.Invalid(_('Key strength unacceptable in Debian Keyring. The minimum required key strength is %s bits.' % str(requiredkeystrength)), value, c) + elif keytype == 'E' and keystrength == 256: + # ECDSA keys have a fixed size. + pass + else: + log.debug("Key type unacceptable in Debian Keyring") + raise formencode.Invalid(_('Key type unacceptable in Debian Keyring. It must be RSA or ECDSA.'), value, c) return formencode.validators.FieldStorageUploadConverter._to_python(self, value, c) diff --git a/debexpo/tests/functional/test_my.py b/debexpo/tests/functional/test_my.py index 336eea96..5a07f1eb 100644 
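Review bot: The docstring of the new `extract_key_type` was copied from `extract_key_strength` and still says "Returns the key strength only", while the method returns the algorithm letter; it should read `Returns the key type letter only of a given GPG public key, e.g.:`. It would also help to note that the letter is the last character before the slash, so for a string without a slash the `keytype` branch returns the string's last character instead of reporting a parse failure.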
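Review bot: The type check accepts the letter `E` only with a size of exactly 256 and calls that ECDSA, while the replacement test key in this commit has the id `256E/C74F9C11` and may well be an Ed25519 key. If gpg prints the same letter for ECDSA and EdDSA, the comment and the error text name the wrong algorithm, and larger curves are refused as an unacceptable key type. Please state in the comment which algorithms and curves are meant to pass, e.g. `# 'E' covers ECC signing keys; only 256-bit curves are accepted`, and word the error message to match. A `None` from either `extract_key_*` call ends in the final `else` and is rejected, which is the right outcome but deserves its own log line so that a parse failure is not reported as a bad key type. The enclosing method starts outside the hunk.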
--- a/debexpo/tests/functional/test_my.py +++ b/debexpo/tests/functional/test_my.py 
@@ -10,37 +10,19 @@ import shutil class TestMyController(TestController): _GPGKEY = """-----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.10 (GNU/Linux) - -mQENBEwmV4wBCADCbdBf65H0r13XfVVncCc9pW7XkDYuKD8locXY48IdKVQRKK97 -lJUZv7Ys/nx1QTTux/S7ldhQS2Op4pA86uEQOnynmM2S5uePIslbkRKGnfcfUYdE -9Ij7S0+ZIafr2MUdehFLuPhCH9ddepA5rSLfgVfMAUpwyZ+/VZOCxczLntOWhTqH -xcN4aHJ7M6EXixH4uOe+hL2PeNw1LGN/ESXgEsPuJkYnKQb6XYFGFb08WyiJ7AXZ -JMuajajTw626U2rsqoi4HNHFifGm3K2+htR5V9gStdF7CxmCAgGyQ+/vhqMAv6zv -HLWWLbSIUOftAT6zHcu/DI9yWESe1WH6hayBABEBAAG0HVRlc3QgdXNlciA8ZW1h -aWxAZXhhbXBsZS5jb20+iQE4BBMBAgAiBQJMJleMAhsDBgsJCAcDAgYVCAIJCgsE -FgIDAQIeAQIXgAAKCRAKG4hEZ1gmHq1kCACOmW8SuVYSDIhAHWmlA9Ch4QIPsCMt -9FazOHN72Gr1gB8rdUJ0qGzkOiP349sjSPqVfHz9NX830ng2QvFl0hiVCdtUlERn -ijgBUGu0nPIpZH0UskWVXthndL3twmGtfIxwzsZEWeOrmRg24q4PMBqIOA1SNowk -Ck14LkmR65Ds9a/KS23Mnd5YoH+NDB5fABXU0vgdn6il9tJhYYJPSvssj0AoF620 -h9VAJ+/qpCNxmIZBa6NhDcyOoFg0i5nPo4qJRx7e1KmApGjFdW9c/Rz8pBD3v5iQ -dfkC6NRhQVoWMzVPv7RiDuC0Ig7ub1QZ8waSNDW2uwLLqwM9bRNmedY2uQENBEwm -V4wBCACw8DO6P7tVTaYlhqffAPMpJE6O9yjqz+3LDJCXJhPD+js8y5P/6i8QA80K -F2jXpphp+d/iqMbIpp+p2w2OpoF6mbc/Frf3Jjx+4pL5lwWzoicdGvxdjDeXYmCc -zI9AxderVEh4sokN9B6i/1dG9EOpkkbQ+gt9xP1Wbc4oi+03TvjEA1s+nToEkSgy -dk2Xg69IgRBGyP8+x/Yzi5pWZrfGES0/Ui6+hfiJY6fYcLnW3mWFuJ9DZdx0JRmY -mKqzorfmnHqYkUcJEKBSP6NjS2A3+SfCyZYBCFkDOZFY1zp7YtDkMTV4/vvSXBdt -/oZNVztZk8C2n9TQve4My6kPoWfzABEBAAGJAR8EGAECAAkFAkwmV4wCGwwACgkQ -ChuIRGdYJh64QQf+KXt6/VqrjYymGvKtOdufepJpBIoUehztZxJ+QSe+eL4ttrme -BPtS964reKahaP8K77rowdBtEdOCXhFc5wLSHTNqsLB2lC3y3pzEotfxa2pyO7jG -2Boy8TIj5a6ixA1nwEwPgX6RkZwnGCn17wQzTV8y8OV8ei7z/so6VHkndRVOt9O+ -x7HPR7QKPp2p/JtwP6xJUtZgaDKvBpK4rISqv7MiSHljIa4sq7wfdHw8zJ8ZTtYv -2USGdIn3QtoVRN+fsGzs2rRWK6Cc1AgNqhLgna+qagAq9hB3u52G9tjAlx2MD7yD -ABRL0EeYuGCJYJRQsw8e8JuRSaVGwfotqkIHtQ== -=PXiv ------END PGP PUBLIC KEY BLOCK----- -""" - _GPG_ID = '2048R/6758261E' + +mDMEW9b91RYJKwYBBAHaRw8BAQdAHtUIQWAsmPilu0JDMnLbpPQfT1i3z2IVMoDH +rhlYkO+0JWRlYmV4cG8gdGVzdGluZyA8ZGViZXhwb0BleGFtcGxlLm9yZz6IkAQT 
+FggAOBYhBOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1v3VAhsDBQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEChiGOfHT5wRdQIBAJ8rciR0e1PaA+LhoTWHaPSgCwvc +lNFyRk71s75+hRkhAPwPnl6QqGsOa0DyJB5saVcqPCqYFbF1usUWIQnPPRsVC7g4 +BFvW/dUSCisGAQQBl1UBBQEBB0DzrYDCp+OaNFinqKkDWcqftqq/BAFS9lq4de5g +RNytNAMBCAeIeAQYFggAIBYhBOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1v3VAhsM +AAoJEChiGOfHT5wRNK8A/115pc8+OwKDy1fGXGX3l0uq1wdfiJreG/9YZddx/JTI +AQD4ZLpyUg+z6kJ+8YAmHFiOD9Ixv3QVvrfpBwnBVtJZBg== +=N+9W +-----END PGP PUBLIC KEY BLOCK-----""" + _GPG_ID = '256E/C74F9C11' def _setup_gpg_env(self): self.homedir = tempfile.mkdtemp() diff --git a/debexpo/tests/gpg/debian_announcement.gpg.asc b/debexpo/tests/gpg/debian_announcement.gpg.asc new file mode 100644 index 00000000..ee88ea97 --- /dev/null +++ b/debexpo/tests/gpg/debian_announcement.gpg.asc 
@@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + + +Fellow Linuxers, + +This is just to announce the imminent completion of a brand-new Linux release, +which I'm calling the Debian Linux Release. This is a release that I have put +together basically from scratch; in other words, I didn't simply make some +changes to SLS and call it a new release. I was inspired to put together this +release after running SLS and generally being dissatisfied with much of it, +and after much altering of SLS I decided that it would be easier to start +from scratch. The base system is now virtually complete (though I'm still +looking around to make sure that I grabbed the most recent sources for +everything), and I'd like to get some feedback before I add the "fancy" stuff. + +Please note that this release is not yet completed and may not be for several +more weeks; however, I thought I'd post now to perhaps draw a few people out +of the woodwork. Specifically, I'm looking for: + + 1) someone who will eventually be willing to allow me to upload the + release to their anonymous ftp-site. Please contact me. + Be warned that it will be rather large :) + + 2) comments, suggestions, advice, etc. from the Linux community. This + is your chance to suggest specific packages, series, or + anything you'd like to see part of the final release. + +Don't assume that because a package is in SLS that it will necessarily be +included in the Debian release! Things like ls and cat are a given, but if +there's anything that's in SLS that you couldn't live without please let me +know! + +I'd also like suggestions for specific features for the release. For example, +a friend of mine here suggested that undesired packages should be selected +BEFORE the installation procedure begins so the installer doesn't have to +babysit the installation. Suggestions along that line are also welcomed. + +What will make this release better than SLS? This: + + 1) Debian will be sleeker and slimmer. 
No more multiple binaries and + manpages. + 2) Debian will contain the most up-to-date of everything. The system + will be easy to keep up-to-date with a 'upgrading' script in + the base system which will allow complete integration of + upgrade packages. + 3) Debian will contain a installation procedure that doesn't need to + be babysat; simply install the basedisk, copy the distribution + disks to the harddrive, answer some question about what + packages you want or don't want installed, and let the machine + install the release while you do more interesting things. + 4) Debian will contain a system setup procedure that will attempt to + setup and configure everything from fstab to Xconfig. + 5) Debian will contain a menu system that WORKS... menu-driven + package installation and upgrading utility, menu-driven + system setup, menu-driven help system, and menu-driven + system administration. + 6) Debian will make Linux easier for users who don't have access to the + Internet. Currently, users are stuck with whatever comes with + SLS. Non-Internet users will have the option of receiving + periodic upgrade packages to apply to their system. They will + also have the option of selecting from a huge library of + additional packages that will not be included in the base + system. This library will contain packages like the S3 + X-server, nethack and Seyon; basically packages that you and I + can ftp but non-netters cannot access. + 7) Debian will be extensively documented (more than just a few + READMEs). + 8) As I put together Debian, I am keeping a meticulous record of + where I got everything. This will allow the end-user to + not only know where to get the source, but whether or not + the most recent version is a part of Debian. This record + will help to keep the Debian release as up-to-date as possible. + 9) Lots more, but I'll detail later... + +Anyway, I'll provide more specifics in a week or so after I receive enough +replies. + +Please, all replies by mail. 
I'll post a followup. If you wish to discuss +this in the newsgroup, please don't turn it into a flamewar. :) + +Until later, + +Ian +- -- +Ian Murdock Internet: imur...@shell.portal.com +The Linux Warehouse +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCAAdFiEEuSzBcBIwbfVk7W13FdIOf2r1tSUFAlvXATEACgkQFdIOf2r1 +tSV3uxAApxV+PFe9gP7a7cJJ5nVKvcpLKUom501TSgHnebjoxT32x5S5+/l2Lf6U +z9w9bQoggbCMF0FwoFQ/qtBJ+loFKDiz1ToZqV7gWNRYR8YxRg867c1JQ780gmBx +tq44D8UN5IRT6o2NQpmBvkTLyOo3cYScbwUarny1pPPrT+pWcrz5sO3Fw0pcPuJU +qu4S6kDZHm3sLOvgevhmBgAX5OEeZpJNP/FemV7a2wNVT4+xCwsmzMvyN3kTitKR +gCoH/n0MyGkgHupI5B6B22WTGIX6ogbSmjH4jUjr8YmRsJHBZkncjEPkGhOU5YeU +8Mizp+u6Z70N/b/A2fuqmwkA7X24FEZ1Re27V5YU+eF/23kk62LSBxGmr9NEe2eE +5HxP3+DgdszULs6t1xH9vAuSnCNlxmSNZ6fMJCsggd+mddBIRrZMSAdqgosYW/YD +qw+ydGPb6P0w6DZQZs0K7p3OB5fKjdLbXn7rl+ut70chkMtAkRvH5jYlC+QaPjmN +vwYGwv1PZPaOsIaCM8a2OzpzqePF+NFDAg0wa5gr7sxaBeMgtvwwCe2+Ufq1JY6R +X7/ubU4/LKouiUvUlkx94ywzMMUu3jT5h0YKcpFNSYIdYDryKphKsfShkPL99Hc3 +xuMqR6HFZmCFLPxNue5/i/yycAAfXecXr3ZcoYVMIUl50NV7OuqIdAQBFggAHRYh +BOF57qTrR+YF2YZjLihiGOfHT5wRBQJb1wExAAoJEChiGOfHT5wRGV0A/3WvXKec +IJBQxGQt9tevYll6yPV7+fKeAWxzblL4YIM6APYgmWXfitzvt7hxmJrS5+cpMd9A +w75HtceAxeuhvK4IiQEzBAEBCAAdFiEEd8cUFd1/c7yHLW6GLs8+zl3EJqcFAlvX +ATEACgkQLs8+zl3EJqfuGAgAm7hctCl4Ol4UYaeD7RQrObX0l/GTYZTI28ffyXal ++C+oo98ifVLlnyIat3GRib3bP8U4fz8440E4UClUrPiMUfUHMff+3rNvWnXzTeQj +IqsfMycrq4cQNpLQU05H7/z4pzfDg1yY3/J92BJL+OAbO2K13pVd6/fW3rZK+H0E +htd0mj512QNH0lzIcUx2dp+4VTyRPlda+zbBn2bJaphLMkmAV2cfnRQ4xDjqNxGk +XKTRAtAi6oqZDskYYJoIf4UrdWzQrNE7MgDsmr/eGy/0wG5cSbuintuBoonc7agb +lefymg6+MlgapLm45sptAgjy//nWGRbGO2pYttWEZiHWcQ== +=VDty +-----END PGP SIGNATURE----- 
diff --git a/debexpo/tests/gpg/pubring.gpg b/debexpo/tests/gpg/pubring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..881e9ee9ecf51f9f86b37d5da76b2f2049b7c141 GIT binary patch literal 4522 zcmb_fWmHt%8a^`&-5{-W4W*LO4mn7DfYQ>9fWS~HF*G6}UDDDB(xs?KBPB6(OUVcl zj!0a<%lhuU>s$A`Kki;@pR><<_E~H1=Y7ueyc+-jW)KJftIFxy0B6l;oV4S-pO1ex z>~t{bV&n$^*!Tb#xa!q;g=)s%y(Ns_IaFXkrvLs&&cd@9%;&TEQ_bZAjE1L_QPbQD z{vwA9bZy&bVX5a!33+)_P?|bZ-%%*!R*KtdnJAO);+)qu+VDvv%JH8x z3yyQTYM>JARltUraX4J9E6aVDUF0!Rm6UvYn!Suwqud23^^1))W%D-J7nwiw%E8)X z$@SgXY%vm$n0$eWT9U>oj|7^ESWT--7-Cw<_ShUXckr3W2S)_PRI6YSNBXzu%l z%RrkZvuA+#{exL)qV^U1dl&-EB~&qet99_} zPMwVAiPxJ2qkUe@jVwvNmOtuZfw_d?RQS2a_I#zl7xkw_wHu@%mTwmO4ExdHFX~*c z!pv}b_PevUJ%@TuF_Ny4L$hy;^)G7$4Lp1`Xdl`T*Xi*|#R*(@Qvcb1I$Q_%3b;Z2uIgnCpa&R3XV!i$P9TA2ImN~Mv(S|0Xe zuKi|egpNH7EO<*SWc7~G{XSLww%Jk_R^9LvBQo~7SznWR#ga$ z-oo!;99FBdY))npF*PMDzdjpFRw=bdHU5CM$<2$_z(2E-Bub4VvwrLb9!xL8HbGg` z39+!QpaW`Ot@r&ocF+^5o5;o4HFrs?CZI!1AO{ofXeVDuIm~*ZvlK~1s{Uo7gMKB8Ic~^aB(IOgK@a3 z868pV@o$?3Cpvx`;&VP)?`%%sbcf4^sQ&8re7Uys)LB=feRt@y9VJR$%<`zTyt=qVG@%nrX?Vf#&)vb!ml zOD9~?Zqvr{)P9a4ZWe%hjL>R@gCo|ZlI}6;N*D;rZ^;(NIAqnnDAFUwY^-D|@%F2f zfbSow%W9A$Tf&@zB?WS&NF+hwffq|)8y^D znYr@|;MPaZ2{?+~c_gF<`||~RBr6J3l7=?C zQ#K^gDl9wHXDg3%zqR8_bCvf#Lo?nF{}qY#>PYFmr^Uyv*$pw3`-^=)pLVC}WW#1e zS8aP?l|9 zmCKUGh5t8e0&84Y)2%bD_$wk`SX0QkHT@S;x@3J;8tJL6W=w;`zCT-?CUnG2HzY~U zrX+B3tb}Yuc({-cJs?k|Zs5~F6xs5Ha@GS&d|6Bg4pU!68nz`cwhS)7@;Q?+KPMcM zPB`gZo(wO`Nb%=!%k+HQ)2|qKBUY;LS?!aFgLqc7DEk+1`~^7h9L6 z%RC7S5$!Xi?7r6hTrXxH-J)P(JrM3fy>sGIytgE2AQ1L3xD-CjDu8U5I5UNWRBqSX4qNSIo%% z;j)*=4H5RJJAK!M5?RCVn}2B>e?7i+IM=_nxNF1Ae!E^C){8Nvj=b8z#+@aV5P1bd zGO~!*ruvqsYB4P8aY*#GMvQjg=XIq-Z_sxyPZHZKfz)RWxG|$Q)GOn8JXN?bTS#jN z^6yX7(fYn<9PX`vU`Wg1ykbx(3t+PfVH3>bJxxv69)y2Wi1_h`gCS?3{(d z{*vK18N=@eE?(R6T z5Xtda5y{h*)^uj4u!i4b%cT&53w+Ht@tWF=Z)WH0GZ5$6=MhBJ{tOHpISCB}DEVd_ zgPf_xTY_GtzEiTmnI3X1a%>Z62gz4%Ix#m>S2aA!vQRWfPUtgDkd5tPve0mrEzhRr z?Lb{)f$Qv8_#t+IWJURPC?$#7O6`*A~t3|jGL89Xl`L8BK;bLPwyu_cF%=d{5xzGsh5J? 
zS)L}8`8B0^2;X-)Iq=BB&J-LmvUPJf&Z$zetDN$?^XXLJ^9PLE_R~o;p{FM}X$-I7 zZ#Xq;#-jVZ=EV=u4wkn+(=*l$L+NlNO3Bt6>gY&0dj?DLCk%LL@M?(&wi6Xh+m5Y7 zw>OVPZ>Hb*n2u2~w@!?DvK{A}oyxBv8i`M5-#<)PXv=>u9uP`eB%2e;?jWC>p7S_W z@>hf2FE6~elKRv?n1Hhj?s{v2T;I`tlXL-mJP-O^lz>GqiW26(5gMZNa^zA_B9=%` zn8^r2B5s-%<{eqpZmDAB<_($1G6|?!%)Q5yyU^7Kt=rSHbq#z=QFzQjuQ#G6a6R#p z+_9!Ze>b!+&b?v+y2f-W=WUC0*lYD3_H{{xO$+$%KL~Ixy>iT75cumFJ#9&s;?Om2 z$Mm)OvS_Ae0F^Pr?Lf|~{*p*JxQ-u&Rtul@?Gcl#GYniuzIn71l=dW^~iBy=m9gT_| zeGZOVu#6D`V>5rQ!_CF_328eZ@9a~dAR4HVN7v0da9pvSXyXW|!SIb_^Pr46A9Dqw zyHi{?wk^?s(hBkCs5eo%cq~SUd1HG$?xH0VpleG{**+OaVGq`DufAE%d{;<_CRR~+iWqMF1iKUz)QbmG z4arsOo^0H!d0LplO;*}P005i)S&o7F&&#m|A9Vhv@)zuhP)h-B3)P3&-Qe#4*zXW7wT}icHs)(^uEu_0U1ef zP_JHxvGtE+)sk^s)9|!ehEsj(ao3}SE)amRYI4&it=^FH+X>*jsvk`{e6tln^|pQ; i7yrHPumR5H+9jiAR4Uq%L0gI(O|}YdT@xGD1OEVhG^q^$ literal 0 HcmV?d00001 
diff --git a/debexpo/tests/gpg/pubring_with_355304E4.gpg b/debexpo/tests/gpg/pubring_with_355304E4.gpg deleted file mode 100644 index 576d49973f0083fdfa8427015a5d41ae31232eab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1448 zcmZ{ki96JJ9LK+NnHl#rDN~L`Wi!e|TWQA?Lg`^9WTd9TBu6HxNvtDgvRL;uHS=>l z*fFh2DY=G}iA}T;I+3Gj!fKw3V~ySCS?y!}wf5px;Dm?#oZ!wQhX0bTn(Y zrKm(K)mF+_U|Y$nAQpc#t?%Se&I$UFa(Mi;m@1ULfUKjZCTtqwN%4d&1*IYKx)T-e za|W49yaz`W%n%{yDNf71l!5s4ca;}IV+?s0)$p<2o3jJT<|-rHgi*aC_o?d&ZMx}s zL(RQtM5rddHn`n_uz9G(ZJw1+J(KP2B#Ov$lKhDpxyo?PtTrP1F=+mNr-JpoX(6Xh zhX&Ek>g_q}$GAufv8MY41)U2p4PcPiG^BR}9D#!)5NqHtxDE`i6@!BB z1DQ4`tfH@d9gxSWPBz;gw;&^jCz$}MN{?O|rjP@_Mx{+0=$H~++6ngoP!_71FHV~@ z-byVlF)tjv>+WFsstOJeZ0d>z|34bXW}INPfK?2*8z=FCAJ(^fF3k5uw^k=oal)w^ z0D9DRr^G08;M`u)9}p<^}n4ymaL)aZ{icxRstF14tnnLUak2iT6V5q4#>`B)3#b;XaS%e z36r4W;Eq3;(O$p%z1^C)IGzMR^<>f*>=P_k89rJdjC~#?S#pS9(KsMgmsgQnCThen zWh|UmmVN%%2I!3efbNbm%^#(2la96w-GUWiYnq&x*?`BqlLtOr_iTRg^=7nyv1tA} z({g6nb&1Z})Z}VSM@F*-Mz+z|XT(mQ-RKri z$Q!~OFP|e76s2gp4v??dGAa8<20HfeUU@e1^U9U9;;|DQI(Eo4r2@I{YhtDE^pc2K z9s_EUf}l(yRliOVh=%=cVSIF@x~;Z}+a8Tq2M1`nmZ_NE9+rP?W{y`uzm#jtcvi~8 z=$6j_1PU>)Ozis99DB;P(snR>%igjtOhpmJaBCIQF8{HUh)?)Ez8l&{GW_F`zgFsR zQ$JJYwcs-siu13Eisc%u7Qc8A2@2^((A2vfk&U~Qq70|D>g6BIu~s}0v13eO^9B%l zGPhFF^LCw_F{e0^dpznf+ZVWF3|<{O^rFH9)41SL#@>%yyS%yLO2MqZ3tnAOjpgz# v;T|4#6;BV(CiZ!X5Vy^qn%p1&o)6!+9Q~r;v`Y{R`CV_gga}Jz%PRT{o6B6z 
diff --git a/debexpo/tests/gpg/signed_by_355304E4.gpg b/debexpo/tests/gpg/signed_by_355304E4.gpg deleted file mode 100644 index 73293aae937d0f9c46d167898d5493a4954713c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 445 zcmV;u0Yd(x0nL;@OT$1I#$&Dj0)lRW%TbpUYN1sTOT|SC1#wYaN-1~ETXRq^;qHp< z>L5BJ*#p9kR9` zeI08?Q)HS*5HjgB@)wJfx(O9jwvP#AP!hl?2t%Y2NTlN#9jU@-6NyxkL0ua0u0mWT z9aeD3v>7NlhpPfS)39`6(JCNjOJw)~%uL_tFXk4lbUh)9;eX8LiYALl$m|veq1M5L zOtDXvywUF)y_;S^y$p^-`_gvu5;&IBW+U>wZ5{9$1aG10Lz56R4xovG#v`H0kD!Me z{yS*$4YYuM?-Fu=Ti6l)QK@Dr#I1kU>_2W(gF@AGx2<o zyr-oDjl}yI2j^Vn6Wv7Uaypzc>7sksx~`w+qS|~!o1BQaKMYNund|*dI*;1Ta~rK+ n-rC!HhYy{*x$Jvu%3RQHu2vII?Typ> Date: Mon, 29 Oct 2018 19:12:24 +0100 Subject: [PATCH 11/12] Cover feed with testing --- debexpo/controllers/packages.py | 2 +- debexpo/lib/validators.py | 2 +- debexpo/tests/__init__.py | 64 +++++++++++++++++++++++ debexpo/tests/functional/test_package.py | 32 +----------- debexpo/tests/functional/test_packages.py | 38 +++++++++++++- 5 files changed, 105 insertions(+), 33 deletions(-) diff --git a/debexpo/controllers/packages.py b/debexpo/controllers/packages.py index 57f32fda..f12e5007 100644 --- a/debexpo/controllers/packages.py +++ b/debexpo/controllers/packages.py @@ -161,7 +161,7 @@ class PackagesController(BaseController): desc += '

' - if item.needs_sponsor: + if item.needs_sponsor == constants.PACKAGE_NEEDS_SPONSOR_YES: desc += _('Uploader is currently looking for a sponsor.') else: desc += _('Uploader is currently not looking for a sponsor.') diff --git a/debexpo/lib/validators.py b/debexpo/lib/validators.py index 46542130..e8ca244d 100644 --- a/debexpo/lib/validators.py +++ b/debexpo/lib/validators.py @@ -89,7 +89,7 @@ class GpgKey(formencode.validators.FieldStorageUploadConverter): requiredkeystrength = int(config['debexpo.gpg_minkeystrength']) keystrength = self.gnupg.extract_key_strength(self.key_id()) keytype = self.gnupg.extract_key_type(self.key_id()) - log.debug('keytype {}, keysize {}'.format(keytype, keystrength)) + if keytype == 'R': if keystrength < requiredkeystrength: log.debug("Key strength unacceptable in Debian Keyring") diff --git a/debexpo/tests/__init__.py b/debexpo/tests/__init__.py index 6940bfc4..2d7e26ed 100644 --- a/debexpo/tests/__init__.py +++ b/debexpo/tests/__init__.py @@ -59,6 +59,9 @@ from webtest import TestApp import pylons.test from debexpo.model import meta, import_all_models from debexpo.model.users import User +from debexpo.model.packages import Package +from debexpo.model.package_versions import PackageVersion +from debexpo.model.source_packages import SourcePackage from debexpo.model.user_upload_key import UserUploadKey from debexpo.model.user_countries import UserCountry 
@@ -143,3 +146,64 @@ class TestController(TestCase): """ meta.session.query(User).filter(User.email=='email@example.com').delete() meta.session.commit() + + def _setup_example_package(self): + """Add an example package. + + The example package with name ``testpackage`` is added to + the database. + + This method may be used in the setUp method of derived test + classes. + """ + user = meta.session.query(User).filter( + User.email == 'email@example.com').one() + + if not user: + raise Exception('Example user must be created before the package') + + package = Package(name='testpackage', user=user, + description='a test package') + meta.session.add(package) + + package_version = PackageVersion( + package=package, + version='1.0-1', + maintainer='Test User ', + section='Admin', + distribution='unstable', + qa_status=0, + component='main', + priority='optional', + closes='', + uploaded=datetime.now()) + meta.session.add(package_version) + meta.session.add(SourcePackage(package_version=package_version)) + meta.session.commit() + + def _remove_example_package(self): + """Remove the example package. + + This method removes the example package created in + _setup_example_package. + + This method must be used in the tearDown method of derived + test classes that use _setup_example_package. + """ + package = meta.session.query( + Package).filter(Package.name == 'testpackage').first() + if not package: + return + + package_version = meta.session.query( + PackageVersion).filter( + PackageVersion.package == package).first() + + package_source = meta.session.query( + SourcePackage).filter( + SourcePackage.package_version == package_version).first() + + meta.session.delete(package_source) + meta.session.delete(package_version) + meta.session.delete(package) + meta.session.commit() diff --git a/debexpo/tests/functional/test_package.py b/debexpo/tests/functional/test_package.py index ddefddfd..82147911 100644 --- a/debexpo/tests/functional/test_package.py 
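Review bot: In `_setup_example_package` the user is fetched with `.one()`, which raises when no row matches, so the following `if not user:` check and its explanatory exception can never run; use `.first()` there. `_remove_example_package` deletes only the first `PackageVersion` and its first `SourcePackage`, whereas the tearDown it replaces in test_package.py looped over all versions, so a test that adds a second version would leave rows behind or make the package delete fail. `datetime.now()` is used, but no `datetime` import is visible in this file's import hunk; confirm it is already imported.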
+++ b/debexpo/tests/functional/test_package.py @@ -19,38 +19,10 @@ class TestPackageController(TestController): def setUp(self): self._setup_models() self._setup_example_user() - user = meta.session.query(User).filter( - User.email == 'email@example.com').one() - package = Package(name='testpackage', user=user, - description='a test package') - meta.session.add(package) - package_version = PackageVersion( - package=package, - version='1.0-1', - maintainer='Test User ', - section='Admin', - distribution='unstable', - qa_status=0, - component='main', - priority='optional', - closes='', - uploaded=datetime.now()) - meta.session.add(package_version) - meta.session.add(SourcePackage(package_version=package_version)) - meta.session.commit() + self._setup_example_package() def tearDown(self): - package = meta.session.query(Package).filter( - Package.name == 'testpackage').first() - if package: - package_versions = meta.session.query(PackageVersion).filter( - PackageVersion.package == package).all() - for vers in package_versions: - meta.session.query(SourcePackage).filter( - SourcePackage.package_version == vers).delete() - meta.session.delete(vers) - meta.session.delete(package) - meta.session.commit() + self._remove_example_package() self._remove_example_user() def _test_no_auth(self, action, redirect_login=True): diff --git a/debexpo/tests/functional/test_packages.py b/debexpo/tests/functional/test_packages.py index 0c8d1ccf..38afbabf 100644 --- a/debexpo/tests/functional/test_packages.py +++ b/debexpo/tests/functional/test_packages.py 
@@ -1,23 +1,59 @@ from debexpo.tests import * +from debexpo.lib.constants import PACKAGE_NEEDS_SPONSOR_YES +from debexpo.model import meta +from debexpo.model.packages import Package class TestPackagesController(TestController): def setUp(self): self._setup_models() self._setup_example_user() + self._setup_example_package() def tearDown(self): + self._remove_example_package() self._remove_example_user() + def _test_feed_filter(self, filter=None, id=None): + response = self.app.get(url(controller='packages', action='feed', + filter=filter, id=id)) + self.assertEquals(200, response.status_int) + self.assertEquals('application/rss+xml', response.content_type) + self.assertTrue('testpackage 1.0-1' in response.body) + return response + def test_index(self): response = self.app.get(url(controller='packages', action='index')) self.assertEquals(200, response.status_int) self.assertEquals('text/html', response.content_type) def test_feed(self): - response = self.app.get(url(controller='packages', action='feed')) + self._test_feed_filter() + + def test_feed_with_sponsor(self): + package = meta.session.query( + Package).filter(Package.name == 'testpackage').first() + package.needs_sponsor = PACKAGE_NEEDS_SPONSOR_YES + meta.session.commit() + response = self._test_feed_filter() + self.assertTrue('Uploader is currently looking for a sponsor.' 
in response.body) + + def test_feed_section(self): + self._test_feed_filter('section', 'Admin') + + def test_feed_uploader(self): + self._test_feed_filter('uploader', 'email@example.com') + + def test_feed_wrong_uploader(self): + response = self.app.get(url(controller='packages', action='feed', + filter='uploader', + id='nonexistent@example.com')) self.assertEquals(200, response.status_int) self.assertEquals('application/rss+xml', response.content_type) + self.assertTrue('testpackage 1.0-1' not in response.body) + + def test_feed_maintainer(self): + self._test_feed_filter('maintainer', 'Test User ') def test_section(self): response = self.app.get(url(controller='packages', action='section', id='main')) -- GitLab From 2c11b09634c300b86461c6a3491ac6ef654e02fc Mon Sep 17 00:00:00 2001 From: Baptiste BEAUPLAT Date: Tue, 30 Oct 2018 20:03:40 +0100 Subject: [PATCH 12/12] Set minimum key size for rsa to 2048 --- development.ini | 2 +- test.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/development.ini b/development.ini index 6f3e3414..dade2bda 100644 --- a/development.ini +++ b/development.ini @@ -97,7 +97,7 @@ debexpo.gpg_path = /usr/bin/gpg debexpo.gpg_keyring = # Minimum key strength required for the key to be acceptable in Debian keyring. -debexpo.gpg_minkeystrength = 4096 +debexpo.gpg_minkeystrength = 2048 # Cronjobs to run by the Worker task debexpo.cronjobs = removeolduploads importuploads diff --git a/test.ini b/test.ini index 4690845a..e043518d 100644 --- a/test.ini +++ b/test.ini @@ -68,7 +68,7 @@ debexpo.gpg_keyring = /tmp/keyring debexpo.enable_experimental_code = False -debexpo.gpg_minkeystrength = 4096 +debexpo.gpg_minkeystrength = 2048 [loggers] keys = root, debexpo -- GitLab
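Review bot: Halving `debexpo.gpg_minkeystrength` from 4096 to 2048 is a policy change, and the comment above it still reads as if the limit applied to every key, while the validator in debexpo/lib/validators.py compares it for RSA keys only. The comment should say so, for example `# Minimum RSA key size in bits; other key types are handled in debexpo/lib/validators.py`. test.ini carries the same value with no comment at all and would benefit from the same line.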