Package: devscripts Severity: wishlist File: /usr/bin/uscan It would be great if there were an option to verify the current upstream tarball is the same as the one for the package and that the upstream cryptographic signatures still match. Currently sponsors have to do this manually, it would be much better if it could be automated. If the hash of the tarball is different to upstream, uscan could determine if the tarball was just recompressed, if the tarball itself was recreated or if the content of the tarball is different and maybe how it is different.
-- bye, pabs http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
