Source: gnupg
Severity: wishlist

uscan will receive support [1] for checking downloaded tarballs+signatures against a predefined set of keys. gnupg is an (or the most) important part of the verification procedures in Debian. Therefore, I would like to ask you directly instead of waiting for you to notice this feature.
I've attached an example watch file and an upstream-signing-key.pgp (please throw this one away and recreate it because I have absolutely no idea what keys should be included. I've just imported the one from the gnupg homepage [2]).

[1] http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commit;h=e82313c718b7bc8b884a2617081c6638d88af37b
[2] http://www.gnupg.org/signature_key.en.html
upstream-signing-key.pgp
Description: application/pgp-encrypted
version=3
opts="pgpsigurlmangle=s/$/.sig/" \
http://gnupg.org/download/ .*/gnupg-(1\..*)\.tar\.gz
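What the watch file above asks for, step by step, as an added shell example (not uscan's own code and not part of the original report): select the tarball href, derive the signature URL with the pgpsigurlmangle rule, and check the detached signature with gpgv against only the packaged keyring. The function names are assumptions, and gpgv is assumed to be installed and the keyring to be in binary (non-armored) form.

```shell
#!/bin/sh
# Added example, not devscripts code. Function names are assumptions.

# Watch-file fields taken from the report above.
WATCH_PATTERN='.*/gnupg-(1\..*)\.tar\.gz'
SIG_MANGLE='s/$/.sig/'

# Keep only hrefs that match the watch pattern as a whole (-x), so that
# *.tar.gz.sig files and 2.x tarballs are not taken for the 1.x tarball.
select_tarballs() {
    grep -x -E "$WATCH_PATTERN"
}

# Apply the pgpsigurlmangle rule to a tarball URL to get the signature URL.
# This rule is plain s/// syntax that sed also understands.
signature_url() {
    printf '%s\n' "$1" | sed -e "$SIG_MANGLE"
}

# Verify a detached signature using only the keys shipped with the package.
# Returns 0 on a good signature, 2 when an input file is missing or empty,
# and gpgv's non-zero status for a bad signature or a key outside the keyring.
verify_tarball() {
    keyring=$1; tarball=$2; sig=$3
    for f in "$keyring" "$tarball" "$sig"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # gpgv looks for a keyring name without a slash inside its home
    # directory, so turn a bare file name into an explicit relative path.
    case $keyring in */*) ;; *) keyring=./$keyring ;; esac
    gpgv --keyring "$keyring" "$sig" "$tarball"
}
```

Because gpgv trusts every key in the keyring it is given and consults no other keyring or trust database, the contents of upstream-signing-key.pgp decide which signatures are accepted.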