
Bug#856128: debian-watch-may-check-gpg-signature: false positives



On Sun, Feb 26, 2017 at 01:13:47PM +0200, Martin-Éric Racine wrote:
> No, it does not. Adding a pgpurlmangle option won't magically make
> upstream produce GPG signatures.

Oh, sorry, I misread your first email, reading that your upstream does
provide signatures, and even with that lintian was nagging you.

Yes, if upstream does not publish gpg signatures, you are stuck with
that tag.  You may override it if you wish so (I personally wouldn't),
but the idea is that you should talk with upstream and "convince" him to
start doing so.

> However, upstream does publish foo.tar.gz.md5 checksums.

MD5 is useless and is nearly as good as nothing for integrity checking.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
