nick black left as an exercise for the reader:
> i'm beginning to see use of minisign[0] as an alternative to GPG
> for signing releases[2]. i'm completely ambivalent with regards to
> the merits of minisign, but would like to be able to verify them
> with uscan.
so this is how watch might look for minisign packages[0]:
--------
version=4
# example URIs:
# https://ziglang.org/download/0.13.0/zig-0.13.0.tar.xz
# https://ziglang.org/download/0.13.0/zig-0.13.0.tar.xz.minisig
opts="sigtype=minisign, \
pgpsigurlmangle=s/$/.minisig/, \
dversionmangle=s/\+dfsg(\.?\d+)?$//, \
repacksuffix=+dfsg" \
https://ziglang.org/download/ .*/zig-([0-9\.]*)\.tar\.xz \
debian uupdate
--------
no one needs change their packages except people who have
pgpmode=none despite the presence of pgpsigurlmangle (which will
become an error if i execute my plan as proposed).
[0] https://salsa.debian.org/nickblack/zig/-/blob/main/debian/watch
--
nick black -=- https://nick-black.com
to make an apple pie from scratch,
you need first invent a universe.
Attachment:
signature.asc
Description: PGP signature