
Bug#916207: lintian: debian-watch-does-not-check-gpg-signature certainty considered annoying



Hi Scott,

> I think lintian should point out actionable issues.  If upstream doesn't sign 
> their releases, there's no action to take here.

I 100% agree. Indeed, I have also found that the output of all static
analysis tools becomes very quickly and tragically ignored if they are
not useful or actionable.

There are countless "good upstreams" that I interact with who do not
sign their releases; indeed, I might even count myself as one.

Thus, whilst Lintian might be entirely correct here, I would actually
vote for removing this tag or, rather, marking it as "Experimental:
yes".

Indeed, I will default to this latter action in a few days if no
serious objection is raised. It can, of course, always be reverted.

(I'm afraid I will refrain from the "Certainty" debate; it is
somewhat of a distraction given the above and the distinction appears
meaningless from all but a tiny minority of users of Lintian.)


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

