Bug#727096: uscan: debian/upstream/signing-key.pgp debian/upstream/signing-key.asc debian/upstream-signing-key.pgp
James McCoy
jamessan at debian.org
Sun Aug 23 14:13:04 UTC 2015
On Aug 23, 2015 9:33 AM, "Osamu Aoki" <osamu at debian.org> wrote:
>
> Hi,
>
> Its been almost 2 years.
>
> As I read the source of the current uscan of version 2.15.3, around L865:
>
> $keyring = first { -r $_ }
> qw(debian/upstream/signing-key.pgp debian/upstream/signing-key.asc
> debian/upstream-signing-key.pgp);
>
> So your requested feature is practically there.
Not really. This is looking for the keyring which is used to verify the
signature. Ansgar wants uscan to be able to perform verification after the
fact, using a cached signature stored in debian/upstream.
That should really be a separate tool, which uscan could then use to do on
the fly checking. I thought dkg may have also discussed having the
signature stored somewhere, but maybe I'm misremembering.
Cheers,
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20150823/8637669f/attachment.html>
More information about the devscripts-devel
mailing list