[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#802298: Update on the bug

control: tag -1 moreinfo
control: owner -1 !

On Thu, Dec 31, 2015 at 02:07:44PM +0530, Bhuvan Krishna wrote:
> Still waiting for a sponsor.

I'll do it, as I'm doing mf2.

> Between these are the 2 lintian warnings
> showing up for the package. I didn't understand what they mean. Still
> trying to find out the meaning of them and fix them.
> P: php-htmlawed source: debian-watch-may-check-gpg-signature

that's something you can't fix by yourself.
It talks about validating the origin tarball by checking against a
detatched gpg signature while dowloading the tarball with uscan; you'd
need to add stuff to d/watch to point to the upstream signature file,
and add the upstream signature key to d/upstream/signing-key.asc.
Sadly most upstreams don't gpg sign their releases (nearly noone does,
by my experience...)

> P: php-htmlawed: no-upstream-changelog

the same, if the tarball doesn't have a changelog there isn't much you
can't do...  A changelog could be a "NEWS" file, even.

btw, if you're going to follow up on this, please just discard this
email, and reply to some other email, don't break the thread, if you're
going to change the subject write something useful ("update on the bug"
ain't useful to find this email when one deals with severl hundreds
emails per day) and please, *please*, don't do top posting.

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  http://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

Attachment: signature.asc
Description: PGP signature

Reply to: