Package: devscripts
Version: 2.13.5
Severity: wishlist
User: devscri...@packages.debian.org
Usertag: uscan

Hi,

Since it is easier to find/produce collisions with compressed files,
some projects do a checksum on the tar file and not on the compressed
file, see:

http://cryptography.hyperlink.cz/2004/otherformats.html
https://www.kernel.org/signature.html
https://www.samba.org/samba/download/
https://open.cryptomilk.org/projects/cmocka/files

It would be nice to allow uscan to check the uncompressed tarball
instead of the compressed one.


Bonus question: for CMocka, the directory also changes (see the s/34/33/
below) for each file, independently of the version:

https://open.cryptomilk.org/attachments/download/33/cmocka-0.3.2.tar.asc
https://open.cryptomilk.org/attachments/download/34/cmocka-0.3.2.tar.xz

Do you have an idea of a pgpsigurlmangle rule that would allow one to
download the accurate signature file?

Regards

David

Attachment: signature.asc
Description: Digital signature
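
Added example, not part of the original report and not uscan code: a sketch of the check requested above, where the digest is computed over the decompressed tar stream so that it stays the same whichever compressed container upstream ships. The function names and the in-memory sample tarball are constructed for illustration; a detached PGP signature made over the `.tar` would be verified against the same decompressed byte stream.

```python
import bz2, gzip, hashlib, io, lzma, tarfile

# Magic bytes of the compressed containers upstreams commonly publish.
MAGIC = {b"\x1f\x8b": gzip.open, b"\xfd7zXZ\x00": lzma.open, b"BZh": bz2.open}

def open_uncompressed(blob: bytes):
    """Return a binary stream over the decompressed payload of blob."""
    for magic, opener in MAGIC.items():
        if blob.startswith(magic):
            return opener(io.BytesIO(blob), "rb")
    return io.BytesIO(blob)  # no known magic: treat as a plain .tar

def tar_digest(blob: bytes, chunk: int = 65536) -> str:
    """SHA-256 of the uncompressed tar, read in chunks rather than all at once."""
    h = hashlib.sha256()
    with open_uncompressed(blob) as stream:
        for block in iter(lambda: stream.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_sample_tar() -> bytes:
    """Constructed sample input: a one-file tar built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed sample file\n"
        info = tarfile.TarInfo("sample-0.1/README")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo() -> dict:
    """Map each container name to (digest of the file, digest of the tar inside)."""
    tar = make_sample_tar()
    variants = {
        "tar": tar,
        "tar.gz": gzip.compress(tar, mtime=0),
        "tar.xz": lzma.compress(tar),
        "tar.bz2": bz2.compress(tar),
    }
    return {name: (hashlib.sha256(blob).hexdigest(), tar_digest(blob))
            for name, blob in variants.items()}

if __name__ == "__main__":
    for name, (file_hash, tar_hash) in demo().items():
        print(f"{name:8} file={file_hash[:16]} tar={tar_hash[:16]}")
```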
