Package: libav Version: 6:9.8-2 Severity: wishlist Tags: patch as of devscripts 2.13.3, uscan can verify the OpenPGP signature of the upstream developer when scanning the package.
I believe the upstream packages for libav are signed by siretart, so you can set this up for libav by storing his public key in debian/upstream-signing-key.pgp: gpg --keyservers keys.gnupg.org --recv 0x93005DC27E876C37ED7BCA9A98083544945348A4 gpg --export-options export-minimal --export 0x93005DC27E876C37ED7BCA9A98083544945348A4 > debian/upstream-signing-key.pgp git add debian/upstream-signing-key.pgp and then applying the following patch: diff --git a/debian/watch b/debian/watch index 21e23bb..0e3dce5 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ version=3 -opts="uversionmangle=s/_/~/i" \ +opts="uversionmangle=s/_/~/i,pgpsigurlmangle=s/$/.asc/" \ http://libav.org/releases/libav-([\d\.]+)\.tar\.xz This should make the uscan check slightly more cryptographically plausible (though you'll want to change debian-upstream-signing-key.pgp if/when siretart ever moves off his 1024-bit DSA key, hopefully sooner rather than later). --dkg -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.11-rc4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
