Re: Upstream Tarball Signature Files

[Osamu Aoki <osamu@debian.org>]

Hi,

On Tue, Aug 08, 2017 at 10:48:08AM +0200, Guillem Jover wrote:
...
> On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote:
> > Also, where signature files are desired, I think it would be beneficial to
> > also accept binary ".sig" files as an alternative to ".asc" files, for
> > example as produced with "gpg -b".
> 
> There is no need for that, you can convert from ASCII armored to
> binary signatures and the other way around easily. 

True.  But why you want to limit to one format between .sig and .asc?

For example, uscan accepts either one when it downloads and verifies the
downloaded tarball and signaturefile.{asc,pgp,gpg,sgn,sign} with the
keyring stored in debian/upstream/signing-key.{pgp,asc}.  Why not do the
same?

If you accepts, uscan's job is creating symlink only to fix the newly
requested bug.

Please note we are more relaxed on what upstream does but what packager
does is limited to debian/*.pgp only (no gpg, sgn sign) at this moment.
(Maybe I can relax it if someone requests it with good reason.)

> Although, some of those .sig files on the GNU site are actually ASCII
> armored signatures (c.f. hello).

The uscan manpage says it accepts 4 extensions while it is accepting 5
extensions now.  I will fix it.

Osamu