Package: lintian Version: 2.14.0 Severity: wishlist Hi!
The mk-origtargz program from devscripts was producing bogus upstream tarball .asc files. It would be nice if this could be warned, so that people know this is the case and so that they have sufficient data to decide whether to fix it right away or wait for the next version bump. The problems vary in severity though: - Doubly armored files. Can be easily detected with the equivalent «grep -q ^LS0tLS1CRUd». - Bogus Armor Header Lines. Usage of /ARMORED FILE/ instead of /SIGNATURE/. - Superfluous Armor Fields. Presence of /^Version:/ and /^Comment:/. - There was also the possibility of concatenated repeated signatures. I'm not sure this has occurred in the Debian archive though, but uscan when invoked multiple times would produce this. It might be worth checking anyway, because even if this might not affect the Debian archive it might affect third party packaging. Fixing this requires modifying one of the upstream source files, so it cannot be done w/o bumping the version number. This is the equivalent of a tarball repack, so something like +ds or similar needs to be added to the upstream version string to be able to avoid collisions. I sent a mail about all this to debian-devel some weeks ago: <https://lists.debian.org/debian-devel/2019/04/msg00459.html> Thanks, Guillem