Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature

To: 735040@bugs.debian.org
Subject: Bug#735040: lintian: confusing tag name: debian-watch-may-check-gpg-signature
From: Ross Gammon <ross@the-gammons.net>
Date: Tue, 04 Mar 2014 00:13:26 +0100
Message-id: <[🔎] 53150C96.3050706@the-gammons.net>
Reply-to: Ross Gammon <ross@the-gammons.net>, 735040@bugs.debian.org

Hi,

I have a naming suggestion taken from the first part of the extended
description.

"This watch file does not include a means to verify the upstream tarball
using cryptographic signature."

Perhaps:
debian-watch-does-not-check-for-gpg-signature

By the way, the link to uscan on the lintian website goes to "wheezy" by
default which does not include anything about gpg signatures. Should it
point to sid?
http://manpages.debian.net/cgi-bin/man.cgi?query=uscan&apropos=0&sektion=1&manpath=Debian+unstable+sid

Additionally, when it is a pedantic warning it is hard to convince small
upstream projects to sign their releases when there is no clear advice
on how to go about it. A link from the Lintian warning webpage would be
handy. I would gladly start a wiki page if I knew what the best advice was.

MySQL's approach:
http://dev.mysql.com/doc/refman/5.7/en/checking-gpg-signature.html
An example of how to download key and import/export to debian directory:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732450

Regards,

Ross

Reply to:

Prev by Date: Bug#740607: lintian: Please support build-profiles
Next by Date: Bug#740607: lintian: Please support build-profiles
Previous by thread: [lintian] 01/01: Allow spaces arround = in service files.
Next by thread: Bug#739671: phppear check randomly checks one binary
Index(es):
- Date
- Thread