Bug#727096: uscan: debian/upstream/signing-key.pgp debian/upstream/signing-key.asc debian/upstream-signing-key.pgp
Osamu Aoki
osamu at debian.org
Tue Aug 25 14:19:44 UTC 2015
Hi,
On Sun, Aug 23, 2015 at 10:13:04AM -0400, James McCoy wrote:
> On Aug 23, 2015 9:33 AM, "Osamu Aoki" <osamu at debian.org> wrote:
> >
> > Hi,
> >
> > Its been almost 2 years.
> >
> > As I read the source of the current uscan of version 2.15.3, around L865:
> >
> > $keyring = first { -r $_ }
> > qw(debian/upstream/signing-key.pgp debian/upstream/signing-key.asc
> > debian/upstream-signing-key.pgp);
> >
> > So your requested feature is practically there.
>
> Not really. This is looking for the keyring which is used to verify the
> signature. Ansgar wants uscan to be able to perform verification after the
> fact, using a cached signature stored in debian/upstream.
Thanks for explanation.
> That should really be a separate tool, which uscan could then use to do on the
> fly checking. I thought dkg may have also discussed having the signature
> stored somewhere, but maybe I'm misremembering.
I see.
Osamu
More information about the devscripts-devel
mailing list