since the last lintian update, I get an error
for new packages which have the PGP signature check enabled
(f.e. python-astropy, or python-astropy-helpers). The description
| The packaging includes an upstream signing key but the corresponding
| .asc signature for one or more source tarballs are not included in
| your .changes file.
is not really helpful to me; at least I did not find a mention in the
Debian policy that the signature should be included in the .changes
file. Also, it seems that the standard (pdebuild) toolchain does not
include it by default.
What is the preferred way to included the upstream signature?
Was there some discussion about this in debian-devel that I missed?