Hi Otto, On 2025-02-20 00:07, Otto Kekäläinen wrote: > While reviewing libcap2 I noticed that the upstream signatures are missing > from
> ± git checkout pristine+tar > ± ls -1 > ... > libcap2_2.63.orig.tar.xz.id > libcap2_2.66.orig.tar.xz.delta > libcap2_2.66.orig.tar.xz.id > libcap2_2.73.orig.tar.xz.delta > libcap2_2.73.orig.tar.xz.id > I noticed this while preparing a MR for the package to modify the > gbp.conf to make it more clear of what workflow/practices this package > works. I can finalize that if you give some guidance here on why the > signatures are missing and what command you have used to do the > upstream imports. They're missing because I never noticed that they are not automatically added to the pristine-tar branch... This is odd. A `uscan --download-current-version` correctly retrieves and verifies the signature: And the default for gbp's --upstream-signatures is 'auto', so I would have assumed that nothing else needs to be done: $ uscan --download-current-version Newest version of libcap2 on remote site is 2.73, specified download version is 2.73 gpgv: Signature made Mo 02 Dez 2024 05:24:50 CET gpgv: using RSA key 38A644698C69787344E954CE29EE848AE2CCF3F4 gpgv: Good signature from "Andrew G. Morgan <mor...@kernel.org>" gpgv: aka "Andrew G. Morgan (Work Address) <a...@google.com>" Successfully symlinked ../libcap-2.73.tar.xz to ../libcap2_2.73.orig.tar.xz. 2.74-rc4 is out, I assume a 2.74 release will appear soon-ish, so this should be fixed in that version. Best, Christian
