Re: Upstream Tarball Signature Files
Hi,
On Fri, Aug 18, 2017 at 12:02:27PM +0200, Guillem Jover wrote:
..
> Adding support for more signature formats or filename variations is
> not hard, but it increases the amount of those extensions and perhaps
> the additional sanity checks we have to support and perform on them on
> multiple tools, etc. It would also require waiting at least once more
> release cycle until they can be used.
I just commited uscan/mk-origtargz support of these.
It will be nice dpkg can support both
foo.tar.gz
foo.tar.gz.asc
or
foo.tar.gz
foo.tar.asc (signature on uncompressed)
combinations.
There are upstream releasing in these format.
More nasty one is releasing foo.tar.gz with "gpg -s" w/o -b as
foo.tar.gz.sig or "gpg -sa" as foo.tar.gz.asc. I have no idea how to
extract signaturefile from non-detached signature. That's remaining
task but a rare case.
Osamu
Reply to: