On Sun, June 9, 2013 10:01, Schrober wrote: > Source: gnupg > Severity: wishlist > > uscan will receive support [1] for checking downloaded tarballs+signatures > against a predefined set of keys. gnupg is an (or the most) important part > of > the verification procedures in debian. Therefore, I would like ask you > directly instead of waiting that you noticed this feature. > > I've attached an example watch file and an upstream-signing-key.pgp > (please > throw this one away and recreate it because I have absolutely no idea what > keys should be included. I've just imported the one from the gnupg > homepage > [2]).
Thanks, However, this doesn't work for me. If I put random data in the .pgp file it will download the orig.tar.gz blindly. Is this expected? (I'm using sid.) Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
