• Re: Bug#1109251: /usr/bin/uscan: uscan must not skip OpenPGP check afte

    From Uwe Kleine-König@21:1/5 to All on Thu Jul 31 08:50:01 2025
    Hello,

    On Wed, Jul 30, 2025 at 12:16:38PM +0200, Uwe Kleine-König wrote:
    On Mon, Jul 14, 2025 at 09:52:41AM +0200, Uwe Kleine-König wrote:
    The obvious fixes would be to either put linux-6.16~rc5.tar.xz into a tmpfile only (i.e. under a different name) until signature verification passed; or to not skip the verification in the 2nd run.

    My perl foo isn't enough to implement the first suggestion (which IMHO
    is superior), untested patch for the second:

    I confirm that this patch works for me. With that the second run fails
    in the same way as the first as it should be.

    I highlight again that while considerably better, this is still
    non-optimal as after the failed download the unchecked archive is still
    in place for a build to continue. IMHO the unchecked file must get a
    different name (e.g. linux-6.16~rc5.tar.xz-unchecked) until the
    signature was verified (or uscan was called with --skip-signature).

    Best regards
    Uwe


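The staging scheme proposed in the message above, sketched as an added example; this is not uscan's code and not part of the original post. The function names, the `-unchecked` suffix handling and the stand-in verifier in the demo are assumptions made for illustration; `gpgv_verifier` calls the real `gpgv` tool with a caller-supplied keyring.

```python
import os
import subprocess
import tempfile
from pathlib import Path
from typing import Callable

# A verifier takes (data file, detached signature) and returns True on success.
Verifier = Callable[[Path, Path], bool]


def gpgv_verifier(keyring: Path) -> Verifier:
    """Build a verifier that checks a detached signature with gpgv."""
    def verify(data: Path, sig: Path) -> bool:
        result = subprocess.run(
            ["gpgv", "--keyring", str(keyring), str(sig), str(data)],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return result.returncode == 0
    return verify


def stage_and_promote(payload: bytes, sig: Path, final: Path,
                      verify: Verifier) -> bool:
    """Store the download as '<name>-unchecked'; rename only once verified."""
    unchecked = final.with_name(final.name + "-unchecked")
    with open(unchecked, "wb") as fh:
        fh.write(payload)
        fh.flush()
        os.fsync(fh.fileno())
    if not verify(unchecked, sig):
        # The final name is never created, so neither a second run nor a
        # build can pick up the archive as if it had been checked.
        return False
    os.replace(unchecked, final)  # atomic rename within one directory
    return True


if __name__ == "__main__":
    # Constructed demo: a stand-in verifier that accepts one known payload.
    workdir = Path(tempfile.mkdtemp())
    final = workdir / "linux-6.16~rc5.tar.xz"
    sig = workdir / "constructed.sig"
    sig.write_bytes(b"constructed signature placeholder")
    accept_known = lambda data, _sig: data.read_bytes() == b"expected"
    print(stage_and_promote(b"tampered", sig, final, accept_known), final.exists())
    print(stage_and_promote(b"expected", sig, final, accept_known), final.exists())
```

With this layout the presence of the final file name implies a passed check, so a later run that finds it has nothing left to skip.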