[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#922557: lintian: Please check whether there's an expected orig tarball signature

Package: lintian
Version: 2.7.0
Severity: wishlist

Hi!

I just noticed that I've sometimes been failing to include the orig
tarball signature file for some of the uploads after the first new
upstream release. Let me clarify with an example:

  - Fetch upstream xfstt 1.9.3 orig.tar.xz and orig.tar.xz.asc.
  - Build xfstt 1.9.3-1 source w/ orig.tar.xz.asc. (Good)
  - Build xfstt 1.9.3-2 source w/o orig.tar.xz.asc. (Bad)
  - Build xfstt 1.9.3-3 source w/o orig.tar.xz.asc. (Bad)
  - Fetch upstream xfstt 1.10 orig.tar.xz and orig.tar.xz.asc.
  - Build xfstt 1.10-1 source w/ orig.tar.xz.asc. (Good)

So, when building new revisions it seems I'm prone to forget to place
the orig.tar.xz.asc alongside the orig.tar.xz sometimes. :/

It would be nice to get a warning to avoid this. I imagine a tag
could be emitted whenever there is no «*.orig.tar.*.asc» (for each
«*.orig.tar.*») and either of the following holds:

  - there is a debian/upstream/signing-key.asc file.
  - there is pgpmode or pgpsigurlmangle in opts in debian/watch.

Thanks,
Guillem
Reply to: