Bug#747412: uscan: option to verify current upstream tarball
Paul Wise
pabs at debian.org
Thu May 8 12:10:02 UTC 2014
Package: devscripts
Severity: wishlist
File: /usr/bin/uscan
It would be great if there were an option to verify the current upstream
tarball is the same as the one for the package and that the upstream
cryptographic signatures still match. Currently sponsors have to do this
manually, it would be much better if it could be automated. If the hash
of the tarball is different to upstream, uscan could determine if the
tarball was just recompressed, if the tarball itself was recreated or if
the content of the tarball is different and maybe how it is different.
--
bye,
pabs
http://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20140508/fbbd9430/attachment.sig>
More information about the devscripts-devel
mailing list