On Mon, Jul 31, 2017 at 05:30:46AM -0400, Paul Wise wrote: > > How does this interact with git-based workflows? > > I don't use such workflows so I'm not sure, but at a guess; uscan and > upstream tarballs aren't involved in your workflow, so you won't have > upstream tarball signatures either and should manually verify the > signatures on git tags (and commits) instead, which I don't think > uscan can do yet, but I guess adding it to uscan would be feasible but > then the signatures would not be stored alongside the generated > tarball. uscan isn't used, or needed, in the git-only workflow at all. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature