Bug#916207: lintian: debian-watch-does-not-check-gpg-signature certainty considered annoying
Hi Scott,

> I think lintian should point out actionable issues. If upstream doesn't sign
> their releases, there's no action to take here.

I 100% agree. Indeed, I have also found that the output of all static
analysis tools becomes very quickly and tragically ignored if they are
not useful or actionable.

There are countless "good upstreams" that I interact with who do not
sign their releases; indeed, I might even count myself as one.

Thus, whilst Lintian might be entirely correct here, I would actually
vote for removing this tag or, rather, marking it as "Experimental:
yes".

Indeed, I will default to this latter action in a few days if no
serious objection is raised. It can, of course, always be reverted.

(I'm afraid I will refrain from the "Certainty" debate; it is
somewhat of a distraction given the above and the distinction appears
meaningless from all but a tiny minority of users of Lintian.)

Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-