[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for Sponsorship

On Sun, Jul 20, 2014 at 10:26 AM, Vincent Cheng wrote:

> Let me rephrase that. By all means, encourage your upstream to provide
> signed tarballs; however, it's not a requirement per Policy to ensure
> that upstream has signed their tarballs, nor is it a package RC-buggy
> if it fails this _pedantic_ lintian tag (the vast majority of the
> archive would be instantly RC-buggy if that were the case). So no, you
> do not have to fix debian-watch-may-check-gpg-signature in your
> package, and as a sponsor I'm perfectly willing to upload packages
> where the source tarball isn't signed by upstream.

... and if upstream refuses to sign their tarballs then you should
override the lintian warning with a link to the post/page where they
said that.



Reply to: