nick black <dankamongmen@gmail.com> writes: > i'm beginning to see use of minisign[0] as an alternative to GPG > for signing releases[2]. i'm completely ambivalent with regards to > the merits of minisign, but would like to be able to verify them > with uscan. That would be great -- upstreams are using other mechanisms to sign their releases today, like Sigsum, Sigstore, gitsign S/MIME etc, and I don't think there is any reason why 'uscan' shouldn't support all of them. This reminds me about the 'apt-get install minisign' package naming concern that we tried to flesh out a migration policy for earlier. I think I ultimately got lost trying to work out the migration flow for how to achieve that... /Simon
Attachment:
signature.asc
Description: PGP signature