Ok, this time I overdo it. On 05/03/16 15:13, Mattia Rizzolo wrote: > On Fri, Mar 04, 2016 at 09:17:45PM +0000, Jose M Calhariz wrote: >> One more iteraction. This time I centred on cleaning or overriding >> lintian messages. > umh 3cb664996f1694f8b72eb42c45ef4ef970f4998c > > 1) "Don't know where is the public key." — you of course you can find it > in any keyserver…, so it should be > https://sks-keyservers.net/pks/lookup?op=get&search=0xB60C068FC61670EE > Then there is always the trouble of trusting that's really theirs, but > this is another story The key I am looking is 0x2BF6893F36C73306. > 2) 'opts="pgpsigurlmangle=s%$%.sha256.sig%"' is not going to work > anyway, since uscan expects the signature to sign the tarball, while > that's the signature of the sha256 hash of the tarball Once I have the key, I will ask upstream to sign the tarball and the checksum. > 3) this is not a thing to override since > a) somebody says overriding lower than warning tags is excessive (I > personally don't agree here, just bringing a datapoint) > b) you override wrong tags (false positive) or tags that for some > reason could never be fixed, not just to hide them > the correct action here is really to leave it as it is, maybe asking > upstream to start signing the tarballs instead of checksum. > Is now OK? Kind regards Jose M Calhariz
Attachment:
signature.asc
Description: OpenPGP digital signature