Re: tarball signatures in source packages and jessie
On Sun, May 22, 2016 at 19:39:53 +0200, Guillem Jover wrote:
> BTW, do you think it would make sense to cherry pick
> d01212f2d7e59fc713c66b5d60421ac2296c1463 in dpkg 1.17.x for stable,
> given that there's a point release quite soon, and then we could
> consider reenabling inclusiong of signatures for source format 1.0
> in unstable once the point release is done? (Taking into account Ian's
> remark that just the change being in stable-updates is not good enough.)
That was my initial question in this thread... I have a vested interest
in that all my packages are format 1.0, and I'd be interested in
uploading signatures for them. OTOH I can also just wait a year.
I have a related question though: if upstream ships a binary signature,
how should that be handled on the debian side? gpg --enarmor the file
and ship the result as orig.tar.gz.asc, or is there a better way?