
Re: Upstream Tarball Signature Files



Hello,

On Mon, Aug 07 2017, Paul Hardy wrote:

> The version of lintian now in testing, 2.5.52, introduces a new error
> (not just a warning) for missing ".asc" signature files.  The relevant
> changelog entry is
>
>      + Added:
>            ...  - orig-tarball-missing-upstream-signature
>
> A missing ".orig.tar.*.asc" file now produces a lintian error (not
> just a warning).

This is a known bug in the current version of Lintian.

> Also, where signature files are desired, I think it would be
> beneficial to also accept binary ".sig" files as an alternative to
> ".asc" files, for example as produced with "gpg -b".
>
> This is especially beneficial if any requirement for a signature file
> is a goal for upstream sources.  As one example, GNU Project files on
> the GNU FTP repository are uploaded with corresponding ".sig" files.
> It would be redundant to also require ".asc" signature files for those
> packages.
>
> It is possible to fake out lintian by taking a binary ".sig" file and
> changing its extension to ".asc", but I think that is sub-optimal.
>
> Making changes to debian-policy (if deemed appropriate) to allow
> upstream binary signature files would affect at least lintian,
> dpkg-dev, uscan, and Debian maintainer guides.

This sounds like a new policy bug to be filed :)

-- 
Sean Whitton
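
The thread turns on the difference between a binary detached signature (".sig", as from "gpg -b") and an ASCII-armored one (".asc"), and on a binary file merely renamed to ".asc". The following is an added example, not part of the original message and not code from Lintian, dpkg-dev or uscan: it classifies a signature by content rather than extension and armors a binary one per RFC 4880. The function names, file names and sample bytes are assumptions constructed for illustration.

```python
import base64

BEGIN = b"-----BEGIN PGP SIGNATURE-----"
END = b"-----END PGP SIGNATURE-----"
# Constructed sample: an old-format signature packet header plus filler bytes.
# It has the right framing only and is not a verifiable signature.
SAMPLE_SIG = bytes([0x89, 0x00, 0x04, 0x04, 0x00, 0x01, 0x08])

def crc24(data):
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def classify(data):
    """Return 'armored', 'binary' or 'unknown' from the content alone."""
    if data.lstrip().startswith(BEGIN):
        return "armored"
    if data and data[0] & 0x80:
        # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
        tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
        if tag == 2:  # tag 2 is a signature packet
            return "binary"
    return "unknown"

def armor(binary):
    """Wrap a binary detached signature in ASCII armor."""
    if classify(binary) != "binary":
        raise ValueError("not a binary OpenPGP signature packet")
    b64 = base64.b64encode(binary)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = b"=" + base64.b64encode(crc24(binary).to_bytes(3, "big"))
    return b"\n".join([BEGIN, b"", *lines, crc, END, b""])

def name_matches(filename, data):
    """True when the extension agrees with the encoding actually present."""
    expected = {".asc": "armored", ".sig": "binary"}  # mapping as used in the thread
    for ext, kind in expected.items():
        if filename.endswith(ext):
            return classify(data) == kind
    return False
```

A binary signature stored under an ".asc" name makes `name_matches` return False, while the output of `armor` on the same bytes passes.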
