On Fri, Mar 04, 2016 at 09:17:45PM +0000, Jose M Calhariz wrote:
> One more iteraction. This time I centred on cleaning or overriding
> lintian messages.
umh 3cb664996f1694f8b72eb42c45ef4ef970f4998c
1) "Don't know where is the public key." — you of course you can find it
in any keyserver…, so it should be
https://sks-keyservers.net/pks/lookup?op=get&search=0xB60C068FC61670EE
Then there is always the trouble of trusting that's really theirs, but
this is another story
2) 'opts="pgpsigurlmangle=s%$%.sha256.sig%"' is not going to work
anyway, since uscan expects the signature to sign the tarball, while
that's the signature of the sha256 hash of the tarball
3) this is not a thing to override since
a) somebody says overriding lower than warning tags is excessive (I
personally don't agree here, just bringing a datapoint)
b) you override wrong tags (false positive) or tags that for some
reason could never be fixed, not just to hide them
the correct action here is really to leave it as it is, maybe asking
upstream to start signing the tarballs instead of checksum.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: http://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature