On Fri, Sep 15, 2017 at 07:42:54PM +0200, Thomas Schmitt wrote: > > Note that making a package and signing it are two separate operations (and > > you are supposed to run all build commands with -us -uc and run debsign > > explicitly). > > I understand that my signature as sponsored preparer is not of interest > but rather the signature of the sponsor who uploads my files. No, I was not talking about that. > Currently my cheat sheet has as commands for packing up and checking > after preparing the ./debian files: > > debuild -S > debuild -b So you don't even use a clean chroot? > lintian -I -E --color never --show-overrides | less You forget --pedantic. > Can you give me a command sequence as replacement for debuild -S, > which omits the gpg part ? debuild -S -us -uc (I already told you that). > > > Policy 5.5 says that ".changes" stems from control, changelog, or rules. > > > Do i have to edit one of them ? > > > No, you need to read dpkg-source(1) about including the orig tarball sig > > into the source package. > > I read about .asc there, but not about .sig. Sure, it doesn't support .sig > And the instructions for .asc just say: > "Optionally each original tarball can be accompanied by a detached > upstream signature" > No clarification is to see what "accompanied" means in particular. It means "existing in the same directory". > Is the requirement for a .sig or .asc new since september 2016 ? It's not a requirement. A lintian tag emitted when you provide the upstream signing key but don't make use of it by also providing the sig to check against it is relatively new, yes. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature