Package: devscripts
Version: 2.22.2
Severity: wishlist
Control: block 802304 by -1

Dear maintainers,

CMake provides its source tarballs with an indirect signature
scheme [1]: instead of signing the .zip and .tar.gz archives
individually, they collect the SHA256 hashes of all files in
a dedicated .txt file and then sign that.

It would be nice if uscan could verify this signature scheme
automatically, but I must admit I have no good proposal how to
extend the watch file format.


Cheers
Timo


[1] https://cmake.org/download/

--
⢀⣴⠾⠻⢶⣦⠀   ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling                                       │
⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀   ╰────────────────────────────────────────────────────╯
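The two-step check that the indirect scheme described in this report requires, as an added example that is not part of the original report and is not devscripts code: first verify the detached signature on the hash list, then check that the archive is listed in it with a matching SHA-256. The function names, the sha256sum-style line format, the sample file names, and the use of gpgv with a keyring holding the upstream key are assumptions.

```python
import hashlib
import hmac
import re
import subprocess

# sha256sum-style line: 64 hex digits, whitespace, optional '*', file name
_LINE = re.compile(r"^([0-9a-fA-F]{64})[ \t]+\*?(.+)$")


def verify_manifest_signature(manifest_path, sig_path, keyring_path):
    """Step 1: check the detached signature on the hash list with gpgv.

    Raises CalledProcessError if the signature does not verify against
    the keys in keyring_path (assumed to hold the upstream signing key).
    """
    subprocess.run(
        ["gpgv", "--keyring", keyring_path, sig_path, manifest_path],
        check=True,
    )


def parse_manifest(text):
    """Map file name -> lowercase hex digest; reject conflicting entries."""
    digests = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # blank line or anything that is not a hash entry
        digest, name = m.group(1).lower(), m.group(2)
        if digests.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return digests


def verify_file(name, data, digests):
    """Step 2: the archive must be listed and its SHA-256 must match."""
    expected = digests.get(name)
    if expected is None:
        return False  # an unlisted file is not covered by the signature
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: archive bytes and the hash list that covers them.
SAMPLE_DATA = b"constructed tarball bytes"
SAMPLE_MANIFEST = (
    f"{hashlib.sha256(SAMPLE_DATA).hexdigest()}  example-1.0.tar.gz\n"
    f"{hashlib.sha256(b'other').hexdigest()}  example-1.0.zip\n"
)
```

The hash list is only trusted after step 1 succeeds; parsing an unverified list and matching a digest from it proves nothing about the archive's origin.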
