Get rid of team-members/ and signature verification

Consistent with upstream Debian, who accurately note:

The whole signing-the-indexes-and-checking-sigs thing does nothing for
us except create pain on signature expiries. Strip it out.

diff --git a/Makefile b/Makefile
index fbb1ecb2cc857ea97ddc333e912e1809a831ec8e..8c7fb327040958d3edc1839616712213cb949f4b 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -3,27 +3,11 @@ TMPRING := trusted.gpg/build-area
 
 GPG_OPTIONS := --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg
 
-build: verify-indices keyrings/mh-archive-keyring.gpg verify-results $(TRUSTED-LIST)
-
-verify-indices: keyrings/team-members.gpg
-       gpg ${GPG_OPTIONS} \
-               --keyring keyrings/team-members.gpg \
-               --verify active-keys/index.gpg active-keys/index
-
-verify-results: keyrings/team-members.gpg keyrings/mh-archive-keyring.gpg
-       gpg ${GPG_OPTIONS} \
-               --keyring keyrings/team-members.gpg --verify \
-               keyrings/mh-archive-keyring.gpg.asc \
-               keyrings/mh-archive-keyring.gpg
-       #FIXME: Do we need to verify the created keyrings in trusted.gpg.d, too?
-       #       Maybe "just" checking that no key is added if we merge, but how…
+build: keyrings/mh-archive-keyring.gpg $(TRUSTED-LIST)
 
 keyrings/mh-archive-keyring.gpg: active-keys/index
        jetring-build -I $@ active-keys
 
-keyrings/team-members.gpg: team-members/index
-       jetring-build -I $@ team-members
-
 $(TRUSTED-LIST) :: trusted.gpg/mh-archive-%.gpg : active-keys/add-% active-keys/index
        mkdir -p $(TMPRING) trusted.gpg
        grep -F $(shell basename $<) -- active-keys/index > $(TMPRING)/index
@@ -44,4 +28,4 @@ install: build
        install -d $(DESTDIR)/etc/apt/trusted.gpg.d/
        cp $(shell find trusted.gpg/ -name '*.gpg' -type f) $(DESTDIR)/etc/apt/trusted.gpg.d/
 
-.PHONY: verify-indices verify-results clean build install
+.PHONY: clean build install